HTTP Server + Groovlet = A Back-Door Type of Trick When Using A Java App
Join the DZone community and get the full member experience.
Join For Freerecently i saw an
article
about simple
groovlet
. groovlet allows you to execute any code in your server. it looks very useful for creating a backdoor - for debugging, troubleshooting, etc.
my problem, however, is that we don't just have a server, but we also have a swing-rich client who is unable to execute groovlets. so i tried to create something like this in a standalone application without adding to the application-embedded servlet engine (jetty or tomcat).
luckily, i just read an article about a simple http server inside a standard java library. i decided to use some of its ideas.
let's start from main:
my problem, however, is that we don't just have a server, but we also have a swing-rich client who is unable to execute groovlets. so i tried to create something like this in a standalone application without adding to the application-embedded servlet engine (jetty or tomcat).
luckily, i just read an article about a simple http server inside a standard java library. i decided to use some of its ideas.
let's start from main:
public class main { public static void main(string[] args) { // you can set port number from command line or leave it hardcoded httpbackdoorrunner runner = new httpbackdoorrunner(18999, true); runner.start(); } }let's continue in groovy because it is simpler :)
import com.sun.net.httpserver.httpserver import java.util.concurrent.executors /** * this class starts the server with our handler (embedded server is not servlet container!) */ class httpbackdoorrunner { final int port final boolean silent httpbackdoorrunner(int port, boolean silent) { this.port = port this.silent = silent } def start() { try { inetsocketaddress addr = new inetsocketaddress(port); httpserver server = httpserver.create(addr, 0); server.createcontext("/", new backdoorhandler()); server.setexecutor(executors.newcachedthreadpool( )); server.start(); } catch(exception e) { if (silent) { // ignore } else throw new runtimeexception(e) } } }
now - the http requests handler:
/** * i need this abstraction level to reuse script running code in groovlet and standalone backdoor * the way, you receive script text is different in those two situations */ class backdoorscriptrunner { void runscript(script, responsebody, uri) { def scriptoutput = new bytearrayoutputstream() if (script) { // redirect output def saveout = system.out def stream = new printstream(scriptoutput) system.out = stream try{ def result = new groovyshell().run(script, "dynamic.groovy"); } catch (throwable e) { e.printstacktrace(stream); } system.out = saveout } responsebody.println createhtml(uri, script, scriptoutput) responsebody.close(); } string createhtml(uri, script, scriptoutput) { """ < form action="${uri}" method="post"> < h2>backdoor code comes here:
< textarea cols="120" rows="5" name="groovyscript"> ${script ? script : ""}< /textarea> < br> < input type="submit" value="go!" /> < /form> < br> ${scriptoutput.tostring() ? "< h2>output< /h2>< pre>${scriptoutput}< /pre>" : ""} """ } }
and now - start it up!

Java (programming language)
app
Opinions expressed by DZone contributors are their own.
Comments