Testing Java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to your benefit? Fortunately, Java is still Java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line. The lecture aims to enrich the pentester's toolbox as well as mind, when facing Java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases. In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.