Burp Suite User Forum


Java Deserialization Scanner

Lilia | Last updated: Oct 30, 2022 09:52PM UTC

Hello, it was checked that the Java Deserialization Extension is not working properly anymore. It does not provide correct results while scanning a web application vulnerable to Insecure Deserialization. I hope someone can help me with how to configure this extension with the new version of Burp, to enable proper work with serialized objects.

Ben, PortSwigger Agent | Last updated: Oct 31, 2022 12:14PM UTC

Hi,

On a general note, we do not write or maintain the extensions that are in our BApp Store - we simply host them for the benefit of our users. If you believe that there are issues with a specific extension then we would recommend that you get in touch directly with the author on their GitHub repository and, for this particular extension, you can do so below:

https://github.com/federicodotta/Java-Deserialization-Scanner/issues

In terms of this specific extension, running a scan against a couple of our deliberately vulnerable sites does seem to identify serialization issues via this extension. Are you able to clarify why you believe this extension is no longer working in an optimum fashion (and, if possible, what sites you used to test this)?
