Listen内存马分析
-
Listen自建代码下断点,Debug调试
-
invoke:116,StandardHostValve点击,展开context
- applicationListeners
- applicationEventListenersList
- 复制context的值StandardEngine[Catalina].StandardHost[localhost].StandardContext[/ListenShell_war_exploded]
-
右击applicationListeners跳转至源,点击置顶代码块观察类的继承[StandardContext.java]
- public class StandardContext extends ContainerBase implements Context, NotificationEmitter,点击Context
- context存储了监听器的信息
-
Ctrl+f搜索applicationListeners,下翻到第三位[StandardContext.java]
- 发现定义的方法public void addApplicationListener,顾名思义添加Listen监听模式