As you know, we can see a list of AID of applets reside on a smart card using gpj -list or using similar commands in another tools (such as gpshell, gp , opensc-tool ...)
I want to know is there any way to hide an applet to list in the response of these kind of commands? I mean uploading an applet in a way that when we use gpj -list, the smart card doesn't return its AID!
In order to list the AIDs of applets, executable load files and security domains, all these tools generate GET STATUS APDUs, which first need to establish a secure channel to the ISD.
So if I didn't want the world to know that a specific applet is installed in the card, I would rotate the ISD keys.
If I were even more paranoid, wanting to limit not only applet listing, but also checks for my applet existence, I would make it not selectable.
Related
I am trying, from a sandboxed menubar application, to get the selected (highlighted) text in the current application.
I was using accessibility before and traversing the main menu of the application until finding the copy item but unfortunately, I need to sandbox the application and this is no more a valid approach.
I would like to simulate the ⌘ + C keyboard shortcut but so far all my attempts failed.
so far all my attempts failed
There is a reason for that...
A core purpose of the sandbox is to provide isolation between applications, to prevent one application from accessing the data of another. So what you are asking is how to break out of the sandbox...
If you are writing accessibility software take a look at How to use Accessibility with sandboxed app? for maybe the smallest glimmer of a hope.
Otherwise your current path is a (hopefully, its a sandbox) dead-end, security has a price, sorry.
I am rather new to using automated testing tools, and as a practical learning exercise, I have been trying to test a small web application using HP UFT 12.02(I updated to 12.51, but am now running into the same issue). The web app was created using the Ionic mobile development framework. I have run into a roadblock and haven't been able to find an answer or similar experience recorded anywhere.
I am not certain whether the problem I have is with UFT, the browser, or with the actual application itself.
I am using IE 11 to test the application. The UFT plugin for Firefox has been disabled at our site, and Chrome is not supposed to be installed on our machines, so I may have some awkward technical constraints.
I've tried recording my actions, and the only success I've had is using the "Insight Recording" mode. In order to make the test readable, I have to do a lot of manual inspection of the objects and renaming. Unfortunately, it seems there is a limitation to what I can select or inspect using UFT's tools.
Using the Object Spy, it seems that I can only select top-level web elements, and for the most part, it seems to work OK. But here is the blocker:
In the app, there is a form that contains a series of pop-up selectors that allow me to select a building, a floor, and a date to reserve a space on that building's floor.
Selector Screen from office reservation application
In IE, if I click the first selector (the Site), nothing happens--regardless of whether I have pop-ups blocked or not. I get the same result performing a manual test on any of those selectors outside of UFT.
If I perform a manual test in Firefox, I get an ion-alert object that contains a series of radio buttons and OK/Cancel
If I inspect the element with Object Spy, I get a "Web Element" that includes the entire contents of the
This includes the form title, all the ion-select elements and labels, etc (way too long to include in this question).
Object Spy view of the site selector object
Is it possible to select an individual element within the form without resorting to x,y coordinates on the screen or window? If so, how? I cannot guarantee who will be running the test in future, nor how their screen or browser dimensions will be set.
I would like to add functionality to the AtTask system by "adding a layer".
What I want to know is whether this can be achieved with a plug-in for Internet Explorer.
To give a concrete example:
This extra layer would allow users to click on "Online Edit" document (which is not available right now). The linked application will open, and when you click save, the file is loaded back to AtTask.
All this happens in the background via the AtTask API, and is transparent to the user.
The question is: is it possible to add functionality to a site by somehow adding layers?
Last comment: this plug-in (or whatever needs to be installed inbto the browser) will only be visible/active when accesing the AtTask website.
Thanks in advance for your responses.
Within the confines of AtTask your best bet is to use an "External Page" create a service that handles the data in the manner you need.
The Dashboard that contains your External Page can be added as a tab via Layout Templates.
Most of the heavy lifting would have to be handled by your application. You would have to link the document(s) you wish to edit.
Some sort of referrer would be necessary to place the revised document back into AtTask. The method in which the client can do this would be determined by your preference and requirements. I am sure you can find some sort of Wiz-Bang jQuery uploader.
Depending on the level of control you have with your user base, you could make an Application URL
Windows : Registering an Application to a URI Scheme
OS X : Launching Scripts from Webpage Links
I do not know of any other way to handle this other than what Steve suggested.
Having said that a possible solution to this is to create a new application and iframe in AtTask.
At the top or wherever on the page your application could have a link for "Online Edit". Then you would use javascript to extract the task id, project id or any other needed information you need for the api to get the needed content to edit. Then save using the same api information.
I have not tried this type of method but theoretically it could work.
I have a simple Java applet with several text fields for input.
I would like to be able to somehow cache what the user enters into these fields so that next time they run the applet, they can make a selection from a list of previous inputs.
I have been searching forums and sites and cannot find any way to do this for applets.
Does anyone have a suggestion or a kick in the right direction?
If you're running this in a browser, you could try using cookies.
As well as cookies, here are a few more possibilities.
HTML5 offers Web Storage which can be accessed from the applet using JS.
An applet running in a Plug-In 2 JRE can be deployed using JWS and use the PersistenceService to store data. Here is a demo. of the PersistenceService.
A trusted applet can read/write the local file-system, but probably overkill for this.
Well, well, here we go...
We have a java applet running on a regular browser (ff4+ or ie5+).
I do NOT have access to the java code / servlet. Nor even to the server.
I NEED to send/retrieve data from this applet. This means i must emulate an user onto it by clicking buttons and filling form's textboxes and also return data (after server response) wich ll be inside textboxes.
So the technologies avaibles to be used are C, VB, .NET (webbrowser object mainly), PHP (cUrl avaible), JavaScript, Sniffing the browser/server communication using Fiddler.
We really need this. But if thats impossible so we may have to know also.
The data is owned by my company so no copyrigth is inflicted.
Also i'm open to non traditional solution such as saving the html as an image and then retrieve the data using some OCR software...
Well so any suggestion or pointing directions would be gratefully appreciated.
Thx
Paulo Bueno.
Having to emulate a user browsing is wrought with problems and i would suggest an alternate route, if its feasible. These are the steps I would take:
Grab the applet class or jar from my cache (anyone accessing the page / applet can do this).
Decompile the code into Java source (Using jad or other preferred tool)
Review the process with which the applet communicates to the service
Write an application to submit my data to the service that the applet connects to and handle any responses just as the applet would.
You can run any applet without a browser using the "appletviewer" that is shipped in a JRE. This way it is possible but not practicable to read and send fake input with http://code.google.com/p/windowlicker/ to control the SWING GUI.
But within a regular browser environment with access to the code you would rather do this:
using the "scriptable" and "mayscript" attributes/elements in your object tag. standard browser JREs include a "plugin.jar" that contains the needed function to do this job. This interface lets Java-Applet code communicate vice versa to Javascript, from wich you can do whatever you want (i.e. ajax request)
this topic is rather complex, so check out what google tells us:
http://www.htmlcodetutorial.com/applets/_APPLET_MAYSCRIPT.html
http://www.raditha.com/java/javascript.php
Using this interface is a real pain, so i suggest to implement HTTPRequests within your applet to tell the PHP server whatever you want to tell it.
regards,
Michael
I do NOT have access to the java code / servlet. Nor even to the
server.
Emm... It is quite unusual situation. If you have the applet, of course, you should have access to its src files to modify :)
I NEED to send/retrieve data from this applet. This means i must
emulate an user onto it by clicking buttons and filling form's
textboxes and also return data (after server response) wich ll be
inside textboxes.
Anyway, to "emulate" user you can use the Robot object but still it will demand you to modify the applet code to make it support some additional functionality... As I can remember, JS etc cannot control Java Applet from the outside commands unless the applet does contain JS supported functionality for web page interaction... But still you say you don't have any access to the applet src so there is no information does the applet support netscape.javascript or not and how it support it so it is quite unclear... So I must ask do you have any docs of this applet?
Comming around the question text and getting back to the question title itself which says
"How can I extract data from a Java applet (inside the browser)"
I may suppose to say that
To extract data from Java Applet you can use netscape lib which supports Java Applet and JS interaction example, docs. That is the most optimal way in this case
Good luck
Might not be too difficult to de-compile/change/compile again the applet unless it is obfuscated.
I use JAD.
https://stackoverflow.com/questions/31353/is-jad-the-best-java-decompiler
If you must get your data by interacting with the java applet instead of reverse engineering it, check out FEST (Fixtures for Easy Software Testing). FEST is designed for testing Java Swing GUIs by simulating user interaction, but you can easily use it to automate your applet as well.
Check out the documentation page on testing applets to get started.