Ceci est une ancienne révision du document !
Le PAD pour proposer une amélioration à cette page : https://pad.zenk-security.com/p/merci
JAVA
🛠 A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization . https://github.com/frohoff/ysoserial
🛠 Burp extension to perform Java Deserialization Attacks https://github.com/NetSPI/JavaSerialKiller
🛠 All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities https://github.com/federicodotta/Java-Deserialization-Scanner
Allows you to deserialize java objects to XML and lets you dynamically load classes/jars as needed https://github.com/IOActive/BurpJDSer-ng