Burp Suite User Forum

Login to post

deserialisation scanner

Louisor | Last updated: Aug 28, 2020 07:40PM UTC

Enable to use the exploitation tab of deserialization scanner to solve some deserialization LAB, when i'm lunching this extention i get this error message : com.nqzero.permit.Permit$InitializationFailed: initialization failed, perhaps you're running with a security manager at com.nqzero.permit.Permit.setAccessible(Permit.java:22) at ysoserial.payloads.util.Reflections.setAccessible(Reflections.java:17) at ysoserial.payloads.util.Reflections.getField(Reflections.java:24) at ysoserial.payloads.util.Reflections.setFieldValue(Reflections.java:34) at ysoserial.payloads.util.Gadgets.createTemplatesImpl(Gadgets.java:129) at ysoserial.payloads.util.Gadgets.createTemplatesImpl(Gadgets.java:102) at ysoserial.payloads.CommonsCollections4.getObject(CommonsCollections4.java:32) at ysoserial.payloads.CommonsCollections4.getObject(CommonsCollections4.java:26) at ysoserial.GeneratePayload.main(GeneratePayload.java:34) Caused by: com.nqzero.permit.Permit$FieldNotFound: field "override" not found at com.nqzero.permit.Permit.<init>(Permit.java:222) at com.nqzero.permit.Permit.build(Permit.java:117) at com.nqzero.permit.Permit.<clinit>(Permit.java:16) ... 8 more

Louisor | Last updated: Aug 28, 2020 08:11PM UTC

and when im using the last version of this tool downloaded on github i get this message : Error while generating or serializing payload com.nqzero.permit.Permit$InitializationFailed: initialization failed, perhaps you're running with a security manager at com.nqzero.permit.Permit.setAccessible(Permit.java:22) at ysoserial.payloads.util.Reflections.setAccessible(Reflections.java:17) at ysoserial.payloads.util.Reflections.getField(Reflections.java:24) at ysoserial.payloads.util.Reflections.setFieldValue(Reflections.java:34) at ysoserial.payloads.util.Gadgets.createTemplatesImpl(Gadgets.java:129) at ysoserial.payloads.util.Gadgets.createTemplatesImpl(Gadgets.java:102) at ysoserial.payloads.CommonsCollections4.getObject(CommonsCollections4.java:32) at ysoserial.payloads.CommonsCollections4.getObject(CommonsCollections4.java:26) at ysoserial.GeneratePayload.main(GeneratePayload.java:34) Caused by: com.nqzero.permit.Permit$FieldNotFound: field "override" not found at com.nqzero.permit.Permit.<init>(Permit.java:222) at com.nqzero.permit.Permit.build(Permit.java:117) at com.nqzero.permit.Permit.<clinit>(Permit.java:16) ... 8 more

Hannah, PortSwigger Agent | Last updated: Sep 01, 2020 09:08AM UTC

Have you tried disabling any security managers you might have operating? You can get in contact with the author for the extension by raising an issue on their GitHub - you can find their repo here: https://github.com/federicodotta/Java-Deserialization-Scanner

You need to Log in to post a reply. Or register here, for free.