File tree Expand file tree Collapse file tree 1 file changed +21
-1
lines changed Expand file tree Collapse file tree 1 file changed +21
-1
lines changed Original file line number Diff line number Diff line change 1- # JavaSerialKiller
1+ # Java Serial Killer
2+
3+ Burp extension to perform Java Deserialization Attacks using the ysoserial payload generator tool.
4+
5+ Blog https://blog.netspi.com/java-deserialization-attacks-burp/
6+
7+ Chris Frohoff's ysoserial (https://github.com/frohoff/ysoserial )
8+
9+ Requirements: Java 8
10+
11+ Download from the Releases tab: https://github.com/NetSPI/Burp-Extensions/releases
12+
13+ Right-click on a request and select Send to Java Serial Killer
14+
15+ ![ alt tag] ( https://blog.netspi.com/wp-content/uploads/2016/03/img_56d5dddfa31e3.png )
16+
17+ Select the payload that you want, type in the command, and press Serialize
18+
19+ ![ alt tag] ( https://blog.netspi.com/wp-content/uploads/2016/03/img_56d5de37cf801.png )
20+
21+ From here you can press Go button to send the request or right-click and send it to another tool.
You can’t perform that action at this time.
0 commit comments