Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
des_outils_pour_la_deserialisation [2019/10/22 10:03] M0N5T3R |
des_outils_pour_la_deserialisation [2020/09/21 00:33] (Version actuelle) M0N5T3R |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
+ | FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci | ||
- | **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci | + | ====== Des outils pour la Déserialisation ====== |
+ | |||
+ | |||
+ | |||
+ | |||
+ | **PHP** | ||
+ | |||
+ | |||
+ | 🛠 PHPGGC https://github.com/ambionics/phpggc | ||
Ligne 17: | Ligne 26: | ||
- | Allows you to deserialize java objects to XML and lets you dynamically load classes/jars as needed https://github.com/IOActive/BurpJDSer-ng | + | 🛠 Allows you to deserialize java objects to XML and lets you dynamically load classes/jars as needed https://github.com/IOActive/BurpJDSer-ng |
+ | |||
+ | |||
+ | 📔 The cheat sheet about Java Deserialization vulnerabilities https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet | ||
+ | |||
+ | |||
+ | 📔 Explication en Francais de ce qu'est la déserialisation https://connect.ed-diamond.com/MISC/MISC-101/Deserialisation-Java-une-breve-introduction-au-ROP-de-haut-niveau | ||
+ | |||
+ | |||
+ | |||
+ | **Java (JBOSS)** | ||
+ | |||
+ | |||
+ | 🛠 JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool https://github.com/joaomatosf/jexboss | ||
+ | |||
+ | ** autre ** | ||
+ | |||
+ | |||
+ | 🛠 It is designed to help security testers by speeding up manual testing of (web)application and extend the Burp Scanner and Burp Intruder automated test capabilities. | ||
+ | https://github.com/marcotinari/CustomDeserializer | ||
+ | |||