Introduction

BurpJDSer is a Burp plugin that deserializes serialized Java requests and responses into XML, and serializes the (possibly edited) XML back into Java objects, using the XStream library (http://xstream.codehaus.org/).

Usage

## 1. Find and download the client *.jar files

## 2. (Optional) Search the jars for sensitive information

## 3. Start Burp with the plugin

```
java -classpath burp.jar;burpjdser.jar;xstream-1.4.2.jar;[client_jar] burp.StartBurp
```

Note: if there are multiple client jars, copy them all into one folder and start Burp with:

```
java -classpath burp.jar;burpjdser.jar;xstream-1.4.2.jar;"[Absolute path to jars folder]"/* burp.StartBurp
```

(`;` is the Windows classpath separator; on Linux/macOS use `:` instead.)

## 4. Inspect the serialized Java traffic

## 5. Bypass client-side authorization: sometimes the client relies on the server for the authorization check. In that case you may want to modify the serialized response to bypass it:
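The conversion the plugin performs in steps 3 and 4, as an added stand-alone example (not BurpJDSer's own source): a Java-serialized byte stream is read with `ObjectInputStream`, rendered as XML by XStream, and the XML is turned back into Java serialization bytes. `LoginResult` is a hypothetical stand-in for a class from the client jar; the `allowTypes` call assumes XStream 1.4.7 or later (it does not exist in the 1.4.2 named above, where every class on the classpath is accepted).

```java
import com.thoughtworks.xstream.XStream;
import java.io.*;

// Hypothetical DTO standing in for a class found in the client jar.
class LoginResult implements Serializable {
    private static final long serialVersionUID = 1L;
    String user;
    boolean isAdmin;
    LoginResult(String user, boolean isAdmin) { this.user = user; this.isAdmin = isAdmin; }
}

public class JdserRoundTrip {
    // Java serialization bytes -> object -> XML (what the plugin shows in Burp)
    static String toXml(byte[] javaSerialized) throws Exception {
        Object obj;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(javaSerialized))) {
            obj = in.readObject();
        }
        return xstream().toXML(obj);
    }

    // XML (possibly edited in Burp) -> object -> Java serialization bytes
    static byte[] fromXml(String xml) throws Exception {
        Object obj = xstream().fromXML(xml);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(obj);
        }
        return bos.toByteArray();
    }

    static XStream xstream() {
        XStream xs = new XStream();
        // XStream 1.4.18+ refuses to unmarshal types not on its allow list; an explicit
        // allow list also keeps a modified XML body from instantiating arbitrary classes.
        xs.allowTypes(new Class[]{LoginResult.class});
        return xs;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample response: a user object serialized the way a Java client would send it.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(new LoginResult("alice", false));
        }
        String xml = toXml(bos.toByteArray());
        System.out.println(xml);
        byte[] back = fromXml(xml);
        LoginResult r = (LoginResult) new ObjectInputStream(new ByteArrayInputStream(back)).readObject();
        System.out.println(r.user + " admin=" + r.isAdmin);
    }
}
```

Because the client only sees what the server sends, a server that trusts the `isAdmin` flag echoed back by the client is the condition step 5 describes; the server must perform its own authorization check on every request.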