Thread: Client Sandboxer

Results 1 to 8 of 8
  1. #1 Client Sandboxer 
    Extreme Donator

    JayArrowz's Avatar
    Join Date
    Sep 2008
    Posts
    104
    Thanks given
    99
    Thanks received
    107
    Rep Power
    810
    Download:
    https://github.com/JayArrowz/Securit...oxedClient.zip

    What this does:
    This sandboxer/class loader will block read/writing to files, connecting to a endpoint via http or socket, Reading env variables and executing runtime operations. Only when it is on the allowed policy will the client be allowed to execute the piece of code. This will block code execution of chrome and discord stealers as long as the proper policies are applied.

    Image:
    Attached image

    Example Policy json file:
    Attached image

    Currently I have only added one RSPS runewild. However this should work for a multitude of other RSPS's, just need to make the correct policy file for them.

    If you are missing a policy perms running the sandbox client via java -jar will show you what you are missing:
    Attached image
    In this case im missing a PropertyPermission with the key: "java.vendor"

    Good luck, Stay safe.
    Reply With Quote  
     


  2. #2  
    08-13, SpawnScape Owner

    jet kai's Avatar
    Join Date
    Dec 2009
    Age
    28
    Posts
    870
    Thanks given
    630
    Thanks received
    957
    Rep Power
    5000
    Good work with this! Hopefully there isn't a way for clients to get around this - would defo be useful with what's going on now a days.
    Reply With Quote  
     

  3. #3  
    Banned
    Join Date
    Oct 2014
    Posts
    14
    Thanks given
    1
    Thanks received
    0
    Rep Power
    0
    Doesn't running clients via Sandboxie do the same type of job or am I wrong?
    Reply With Quote  
     

  4. #4  
    Registered Member
    rebecca's Avatar
    Join Date
    Aug 2017
    Posts
    1,071
    Thanks given
    862
    Thanks received
    915
    Rep Power
    5000
    great contribution jay
    Reply With Quote  
     

  5. #5  
    Extreme Donator

    JayArrowz's Avatar
    Join Date
    Sep 2008
    Posts
    104
    Thanks given
    99
    Thanks received
    107
    Rep Power
    810
    Quote Originally Posted by Ardevon View Post
    Doesn't running clients via Sandboxie do the same type of job or am I wrong?
    It does, but this only works on windows.
    Also this tool can serve as a baseline on how to implement policies properly on the client so that even if a hacker manages to replace your jar file the policies will block malicious code execution
    Reply With Quote  
     

  6. #6  
    Registered Member
    Optimum's Avatar
    Join Date
    Apr 2012
    Posts
    3,570
    Thanks given
    871
    Thanks received
    1,745
    Rep Power
    5000
    Quote Originally Posted by JayArrowz View Post
    It does, but this only works on windows.
    Also this tool can serve as a baseline on how to implement policies properly on the client so that even if a hacker manages to replace your jar file the policies will block malicious code execution
    Wouldn’t they just remove the policy code tho xx

    Quote Originally Posted by DownGrade View Post
    Don't let these no life creeps get to you, its always the same on here. They'd rather spend hours upon hours in the rune-server spam section then getting laid! ha ha!Its honestly pathetic i haven't seen so many lowlifes in my life its actually insane i wish that this section would just vanish its probably the only way to get these people out of the community...
    PLEASE BE AWARE OF IMPOSTERS MY DISCORD ID: 362240000760348683
    Reply With Quote  
     

  7. #7  
    Banned
    Join Date
    Oct 2014
    Posts
    14
    Thanks given
    1
    Thanks received
    0
    Rep Power
    0
    Quote Originally Posted by JayArrowz View Post
    It does, but this only works on windows.
    Also this tool can serve as a baseline on how to implement policies properly on the client so that even if a hacker manages to replace your jar file the policies will block malicious code execution
    Ah I see. Great contribution!
    Reply With Quote  
     

  8. #8  
    Extreme Donator

    JayArrowz's Avatar
    Join Date
    Sep 2008
    Posts
    104
    Thanks given
    99
    Thanks received
    107
    Rep Power
    810
    Quote Originally Posted by Optimum View Post
    Wouldn’t they just remove the policy code tho xx
    They'd have to modify the policy. I guess this policy file should be highly guarded and monitored. Its easier than having to monitor your whole client codebase ;D for exploits which gets pretty daunting.
    Reply With Quote  
     

  9. Thankful users:



Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Server & Client Download list
    By Link in forum Downloads
    Replies: 64
    Last Post: 01-28-2012, 08:32 PM
  2. Project X client!
    By Crysis in forum Downloads
    Replies: 49
    Last Post: 03-09-2008, 05:51 PM
  3. Replies: 19
    Last Post: 01-10-2008, 10:15 PM
  4. Been editing my client for a few hours...
    By Sam Server in forum RS2 Client
    Replies: 26
    Last Post: 05-12-2007, 08:53 AM
  5. 377 client :D
    By Llama in forum RS2 Client
    Replies: 15
    Last Post: 05-07-2007, 12:38 AM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •