Awesome

Introduction

BurpJDSer is a Burp plugin that will deserialze/serialize Java request and response to and from XML with the use of Xtream library (http://xstream.codehaus.org/)

Usage

##1 Find and download client *.jar files

• Burp: view HTML response for embedded jar files
• Alternatively, look through browser's cache

##2 (Optional) Search for sensitive information

• Use JD-GUI to open jar file. File --> Save all sources to a location
• What to search: hardcoded password, SQL string, SSN, Credit card, etc.

##3 Start Burp plugin java -classpath burp.jar;burpjdser.jar;xstream-1.4.2.jar;[client_jar] burp.StartBurp *** Note: in case there're multiple jars, copy them all into a folder and use this to start Burp:

java -classpath burp.jar;burpjdser.jar;xstream-1.4.2.jar;"[Absolute path to jars folder]"/* burp.StartBurp 

##4 Inspect serialized Java traffic

• Serialized Java request/response will be automatically converted to XML. Decoded XML should be in "Edited Request" and "Original Response" tabs.
• Fuzz the request using Repeater/Intruder. Request will be automatically serialized back to binary format and response will be deserialized in XML format

##5 Bypass client-side authorization: Sometimes the client rely on server for authorization check. In case you may want to modify the serialized response to bypass it:

• Inspect proxy response for possible authorization check
• Modify potentially abusive parameters to bypass client-side restrictions