Closed ghuser closed 1 year ago
Hi @ghuser :wave:
this is expected behavior and demonstrates one of the strengths of beanshooter compared to other tools. By default, Java RMI redirects users to the hostname that was configured for the RMI server. In case of the example server, this should be iinsecure.dev
. Since this hostname does not exist, your connection fails from there. beanshooter fixes this issue by not following these redirects but keep the specified target by default. If you come to a situation where you want beanshooter to follow redirects, you can use the --follow
option.
To use jconsole
on the example server, just add iinsecure.dev
to your /etc/hosts
file and let it point to the container IP address.
Thinking about the whole situation makes me realize that choosing iinsecure.dev
as hostname was actually quite dumb. This hostname did not exist during development, but someone could claim it and other users may be redirected to this host when, unintentionally attacking a target on the internet :thinking: So thanks for the issue :+1: I will change the hostname to localhost
soon :wrench:
If your question was answered, please close the issue :smiley:
Closed because of inactivity.
I started
jmx-example-server
with docker, exposing the ports todocker-compose
. However I cannot connect withjconsole
to any of them.I tried:
In all I get "secure connection failed. Retry insecurely?" And I select "Insecure selection" but then I see: "The connection to .. did not succeed."
The same happens also when I use the docker's container's ip
172.21.0.2
.With beanshooter I can connect. e.g
brute
works.Is it expected to not being able to connect with
jconsole
?