From b0f8fd264ebe32832d083816f09a29188ed8d37f Mon Sep 17 00:00:00 2001 From: Federico Dotta Date: Mon, 1 May 2017 18:12:23 +0200 Subject: [PATCH] Updated version and contributors --- README.md | 8 ++++++-- src/burp/BurpExtender.java | 5 +++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b185a55..9b35390 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Java Deserialization Scanner -Java Deserialization Scanner is a Burp Suite plugin aimed at detect and exploit Java deserialization vulnerabilities. It was written by Federico Dotta, a Security Expert at @ Mediaservice.net. +Java Deserialization Scanner is a Burp Suite plugin aimed at detect and exploit Java deserialization vulnerabilities. It was written by Federico Dotta, a Security Advisor at @ Mediaservice.net. The plugin is made up of three different components: 
@@ -8,7 +8,11 @@ The plugin is made up of three different components: 3. Exploiter, that allow to actively exploit Java deserialization vulnerabilies, using frohoff ysoserial (https://github.com/frohoff/ysoserial) # Author -- Federico Dotta, Security Expert at @ Mediaservice.net +- Federico Dotta, Security Advisor at @ Mediaservice.net + +# Contributors +- Jeremy Goldstein +- Andras Veres-Szentkiralyi # Integration with Burp Suite active and passive scanner Java Deserialization Scanner uses custom payloads generated with a modified version of "ysoserial", tool created by frohoff and gebl, to detect Java deserialization vulnerabilities. The original tool (https://github.com/frohoff/ysoserial) generate payloads for the execution of commands on the system, using the Runtime.exec function. Usually, however, it is not possible to see the output of the command and consequently it is not simple to write a scanner based on this kind of function. The modified version adds the generation of payloads that execute a syncronous sleep function, very useful to check for the presence of the Java deserialization issues in an automated way. diff --git a/src/burp/BurpExtender.java b/src/burp/BurpExtender.java index 63f32e8..99ef07a 100644 --- a/src/burp/BurpExtender.java +++ b/src/burp/BurpExtender.java 
@@ -288,13 +288,14 @@ public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) urlBodyAlreadyScanned = new ArrayList(); - stdout.println("Java Deserialization Scanner v0.4 - The all-in-one plugin for the detection and the exploitation of Java deserialization vulnerabilities"); + stdout.println("Java Deserialization Scanner v0.5 - The all-in-one plugin for the detection and the exploitation of Java deserialization vulnerabilities"); stdout.println("Created by: Federico Dotta"); - stdout.println("Contributors: Jeremy Goldstein"); + stdout.println("Contributors: Jeremy Goldstein, Andras Veres-Szentkiralyi"); stdout.println(""); stdout.println("Chains detected by the scanner:"); stdout.println("Apache Commons Collections 3 (four different chains)"); stdout.println("Apache Commons Collections 4 (two different chains)"); + stdout.println("Apache Commons BeanUtils"); stdout.println("Spring (two different chains)"); stdout.println("Java 6 and Java 7 (<= jdk7u21)"); stdout.println("Java 8 (<= jdk8u20)");
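Review bot: In the first README.md hunk (@@ -1,5 +1,5 @@), the rewritten intro line still reads "aimed at detect and exploit" and "at @ Mediaservice.net". Since the line is already being replaced for the job title change, fix the wording in the same edit, for example "aimed at detecting and exploiting Java deserialization vulnerabilities".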
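Review bot: The new "# Contributors" section in the second README.md hunk (@@ -8,7 +8,11 @@) repeats the names that the BurpExtender.java hunk hard-codes in the "Contributors:" println, so the two lists must be edited together on every future change. Keep one authoritative list, or add a short comment next to the println saying it mirrors the README, so the two do not drift apart.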
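Review bot: The added stdout.println("Apache Commons BeanUtils") in registerExtenderCallbacks changes the list of chains the scanner claims to detect, which the subject "Updated version and contributors" does not mention. The diffstat shows only README.md and src/burp/BurpExtender.java touched, so the detection logic for that chain is not part of this commit. Name the chain in the commit message and point to the commit that introduced it, so the banner claim can be traced to code. Separately, "v0.5" is embedded in the banner string literal; a single version constant would keep the banner from being missed on the next bump.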