Java-Deserialization-Scanner
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
So... This lab has a Java deserialization in the cookie, which is base64 + URL encoded: https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-exploiting-java-deserialization-with-apache-commons. When I send the request to Java deserialization scanner and I set the...
Bumps commons-io from 2.6 to 2.7. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Burp Version: Professional 2.0.11beta Java Deserialization Scanner v0.5 ysoserial-0.0.6-SNAPSHOT-all.jar compiled (on Windows) as follows: `mvn clean package -DskipTests -Dhibernate5` Noticed a problem where due to a typo, the extension gets...
Fixed small typo.
The ASCII hex magic selected for detection translates to "aced" in ASCII, which could very well be a variable name or a portion of text in a variable. Example variable name placed...
Hello, First of all, thank you for creating such a nice extension. I used Deserialization-Scanner efficiently with applications which potentially are vulnerable to Insecure Java Deserialization. Although after update of Burp...
While doing a vulnerable lab the scanner detected RCE using `CommonsCollections3` alt payloads 3 and 4 with gzip and base64. Exploitation was failing. A colleague suggested I brute force the...
Hi, how can I add another way to recognize the scanner? Some sites use nginx and ping-dns cannot be used. For example, adding cmd to the header like this exploit:...