# Demo: 2. Modify the Class file

1. Unzip a WAR file
2. Decompile class files using Procyon
3. Edit Java source directly and deploy (with expected errors)
4. Modify class files using a Java class editor (without recompiling) and deploy successfully

***

### 🧩 1. Unzip the WAR File

To inspect or modify the contents of a WAR file:

```bash
jar -xvf ../demo.war
```

Or use any archive tool like 7-Zip or WinRAR to extract it.

***

### 🔍 2. Decompile Class Files Using Procyon

Procyon is a powerful Java decompiler. To use it:

1. Download the Procyon CLI jar from [GitHub](https://github.com/mstrobel/procyon).
2. Run the decompiler:

```bash
java -jar procyon-decompiler.jar Demo2App.class > Demo2App.java
```

<figure><img src="/files/FmigEUpwVzFLMqYIaMYU" alt=""><figcaption><p>The decomplied coding is different from the orginal version</p></figcaption></figure>

***

### ⚠️ 3. Directly Edit Class File and Deploy (With Errors)

If you edit the Java `.class` file directly and try to repackage and deploy without recompiling:

1. Modify the `.java` file (e.g., change the message in `Demo2App.getMessage()`).
2. Repackage the WAR (without compiling):

```bash
jar -cvf demo.war *
```

3. Deploy to Tomcat by copying the WAR to the `webapps/` folder.

🛑 This will fail because Tomcat runs `.class` files, and your `.java` edits are ignored unless recompiled.

<figure><img src="/files/XT22jvz1MJ39tReYlFka" alt=""><figcaption></figcaption></figure>

***

### 🛠️ 4. Edit Using a Java Class Editor (Without Recompiling)

To modify behaviour without source code or recompilation:

1. Use a bytecode editor like:
   * [CFR + Bytecode Viewer](https://bytecodeviewer.com/)
   * [Java Class File Editor](https://sourceforge.net/projects/classeditor/)
   * [JBE GUI](https://sourceforge.net/projects/jbe/)
2. Open `Demo2App.class`&#x20;
3. Locate the incorrect URL

<figure><img src="/files/7yNk0vupZcv1uVUsJJOx" alt=""><figcaption></figcaption></figure>

1. Modify the return string  in the bytecode.
2. Save the `.class` file and repackage the WAR:

```bash
jar -cvf Demo.war *
```

6. Deploy to Tomcat again — this time it works without compilation errors.
7. The problem is fixed

***


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://calvin-lai.gitbook.io/calvin-lai-security/application-security/modifying-and-protecting-java-class-files/modify-a-class-file-inside-a-war-file/demo-2.-modify-the-class-file.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.