FastjsonScan:一个简单的Fastjson反序列化检测burp插件-源码
FastjsonScan
一个简单的Fastjson反序列化检测burp插件
我在挖洞的时候看到一些json请求总是想要检测一下有没有Fastjson反序列化问题,本可以直接写一个脚本来跑或者搭配其他被动扫描器来验证,但是我太懒了,先不说burp搭配其他扫描器了,就连找到特定目录下的脚本我都觉得麻烦,所以,我决定一劳永逸地解决这个问题,于是去学习了一下burp插件的写法糊弄出了这个插件
安装方法
下载项目中的FastjsonScan.jar文件
在burp的Extender->Extensions栏,点击Add,选择下载好的jar文件就可以了(执行环境是Java)
如果成功安装,会输出如下信息,如果未能成功安装可以换下jdk版本??我用的1.8
使用方法
使用方法也很简单,就像使用repeater一样,你可以在burp的任何地方选中一个请求右键选择【Send to FastjsonScan
文件下载
资源详情
[{"title":"( 57 个子文件 339KB ) FastjsonScan:一个简单的Fastjson反序列化检测burp插件-源码","children":[{"title":"FastjsonScan-master","children":[{"title":"images","children":[{"title":"json.png <span style='color:#111;'> 52.53KB </span>","children":null,"spread":false},{"title":"menu.png <span style='color:#111;'> 103.42KB </span>","children":null,"spread":false},{"title":"result.png <span style='color:#111;'> 93.88KB </span>","children":null,"spread":false}],"spread":true},{"title":"FastjsonScan.jar <span style='color:#111;'> 27.98KB </span>","children":null,"spread":false},{"title":"README.md <span style='color:#111;'> 1.66KB </span>","children":null,"spread":false},{"title":"FastjsonScan","children":[{"title":"src","children":[{"title":"burp","children":[{"title":"IIntruderAttack.java <span style='color:#111;'> 826B </span>","children":null,"spread":false},{"title":"IMessageEditorTab.java <span style='color:#111;'> 3.78KB </span>","children":null,"spread":false},{"title":"IHttpRequestResponseWithMarkers.java <span style='color:#111;'> 1.68KB </span>","children":null,"spread":false},{"title":"IExtensionStateListener.java <span style='color:#111;'> 976B </span>","children":null,"spread":false},{"title":"IBurpCollaboratorClientContext.java <span style='color:#111;'> 3.83KB </span>","children":null,"spread":false},{"title":"IMessageEditorController.java <span style='color:#111;'> 1.80KB </span>","children":null,"spread":false},{"title":"IScannerInsertionPoint.java <span style='color:#111;'> 6.34KB </span>","children":null,"spread":false},{"title":"ITempFile.java <span style='color:#111;'> 892B </span>","children":null,"spread":false},{"title":"IResponseInfo.java <span style='color:#111;'> 2.25KB </span>","children":null,"spread":false},{"title":"IExtensionHelpers.java <span style='color:#111;'> 14.18KB </span>","children":null,"spread":false},{"title":"IProxyListener.java <span style='color:#111;'> 1.37KB </span>","children":null,"spread":false},{"title":"IParameter.java <span style='color:#111;'> 3.07KB </span>","children":null,"spread":false},{"title":"IScanIssue.java <span style='color:#111;'> 4.05KB </span>","children":null,"spread":false},{"title":"IScanQueueItem.java <span style='color:#111;'> 2.53KB </span>","children":null,"spread":false},{"title":"IScannerCheck.java <span style='color:#111;'> 3.68KB </span>","children":null,"spread":false},{"title":"IHttpRequestResponse.java <span style='color:#111;'> 2.92KB </span>","children":null,"spread":false},{"title":"IBurpCollaboratorInteraction.java <span style='color:#111;'> 1.35KB </span>","children":null,"spread":false},{"title":"IScopeChangeListener.java <span style='color:#111;'> 784B </span>","children":null,"spread":false},{"title":"IResponseVariations.java <span style='color:#111;'> 2.30KB </span>","children":null,"spread":false},{"title":"IScannerInsertionPointProvider.java <span style='color:#111;'> 1.42KB </span>","children":null,"spread":false},{"title":"IHttpRequestResponsePersisted.java <span style='color:#111;'> 784B </span>","children":null,"spread":false},{"title":"IScannerListener.java <span style='color:#111;'> 1023B </span>","children":null,"spread":false},{"title":"IIntruderPayloadGeneratorFactory.java <span style='color:#111;'> 1.43KB </span>","children":null,"spread":false},{"title":"ISessionHandlingAction.java <span style='color:#111;'> 2.12KB </span>","children":null,"spread":false},{"title":"IBurpExtenderCallbacks.java <span style='color:#111;'> 41.69KB </span>","children":null,"spread":false},{"title":"IRequestInfo.java <span style='color:#111;'> 2.57KB </span>","children":null,"spread":false},{"title":"IResponseKeywords.java <span style='color:#111;'> 1.89KB </span>","children":null,"spread":false},{"title":"ITab.java <span style='color:#111;'> 1.12KB </span>","children":null,"spread":false},{"title":"IIntruderPayloadProcessor.java <span style='color:#111;'> 1.68KB </span>","children":null,"spread":false},{"title":"IInterceptedProxyMessage.java <span style='color:#111;'> 4.15KB </span>","children":null,"spread":false},{"title":"IHttpListener.java <span style='color:#111;'> 1.46KB </span>","children":null,"spread":false},{"title":"IMessageEditorTabFactory.java <span style='color:#111;'> 1.49KB </span>","children":null,"spread":false},{"title":"ICookie.java <span style='color:#111;'> 1.74KB </span>","children":null,"spread":false},{"title":"burp.iml <span style='color:#111;'> 419B </span>","children":null,"spread":false},{"title":"IMenuItemHandler.java <span style='color:#111;'> 1.18KB </span>","children":null,"spread":false},{"title":"ITextEditor.java <span style='color:#111;'> 2.83KB </span>","children":null,"spread":false},{"title":"IBurpExtender.java <span style='color:#111;'> 1007B </span>","children":null,"spread":false},{"title":"IContextMenuFactory.java <span style='color:#111;'> 1.42KB </span>","children":null,"spread":false},{"title":"BurpExtender.java <span style='color:#111;'> 15.66KB </span>","children":null,"spread":false},{"title":"IContextMenuInvocation.java <span style='color:#111;'> 5.98KB </span>","children":null,"spread":false},{"title":"IHttpService.java <span style='color:#111;'> 1016B </span>","children":null,"spread":false},{"title":"IIntruderPayloadGenerator.java <span style='color:#111;'> 1.75KB </span>","children":null,"spread":false},{"title":"IMessageEditor.java <span style='color:#111;'> 2.52KB </span>","children":null,"spread":false}],"spread":false}],"spread":true},{"title":"out","children":[{"title":"artifacts","children":[{"title":"FastjsonScan_jar","children":[{"title":"FastjsonScan.jar <span style='color:#111;'> 27.98KB </span>","children":null,"spread":false}],"spread":true}],"spread":true}],"spread":true},{"title":".idea","children":[{"title":".gitignore <span style='color:#111;'> 176B </span>","children":null,"spread":false},{"title":"misc.xml <span style='color:#111;'> 403B </span>","children":null,"spread":false},{"title":"encodings.xml <span style='color:#111;'> 159B </span>","children":null,"spread":false},{"title":"artifacts","children":[{"title":"FastjsonScan_jar.xml <span style='color:#111;'> 302B </span>","children":null,"spread":false}],"spread":true},{"title":"project-template.xml <span style='color:#111;'> 89B </span>","children":null,"spread":false},{"title":"description.html <span style='color:#111;'> 97B </span>","children":null,"spread":false},{"title":"modules.xml <span style='color:#111;'> 264B </span>","children":null,"spread":false}],"spread":true},{"title":"FastjsonScan.iml <span style='color:#111;'> 425B </span>","children":null,"spread":false}],"spread":true}],"spread":true}],"spread":true}]
评论信息
其他资源
- VIVADO学习经典教程
- BLHeliSuite16714901调试软件及教程
- 物流agv小车模拟代码
- 基于FFT的相位解包裹(相位解缠)
- 学术会议海报合集
- 遗传算法优化的BP神经网络 - MATLAB源码详细注释.rar
- 微信小程序商城完整源代码
- Introduction to Computing Systems 2nd edition
- OgreCommandLineTools、torchlight-to-blender 2019-2-13所有版本集合 ogre_import.py
- 基于发布的工作流程-源码
- SPFD5408A_VGL 鎖死解除方法.doc
- 短信验证码/短信通知API接口文档
- Xilinx spratan3 xcs100E(VGA PS2).7z
- 【Java项目源码】校园订单管理系统.zip
- XFcorexy结构3D打印机清单图纸固件.rar
- matlab 磁场数值限差分与有限元法
- esp8266和电脑连接使用的java源码,双通道
- vb.net AES加密解密模块 VS2010
- GATE 自然语言处理
- Android简易计算器
- Java Web项目开发案例精粹18-航空订票系统
- uv,pv统计的Java实现UVPVCount
免责申明
【只为小站】的资源来自网友分享,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,【只为小站】 无法对用户传输的作品、信息、内容的权属或合法性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论 【只为小站】 经营者是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。
本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二条之规定,若资源存在侵权或相关问题请联系本站客服人员,zhiweidada#qq.com,请把#换成@,本站将给予最大的支持与配合,做到及时反馈和处理。关于更多版权及免责申明参见 版权及免责申明
本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二条之规定,若资源存在侵权或相关问题请联系本站客服人员,zhiweidada#qq.com,请把#换成@,本站将给予最大的支持与配合,做到及时反馈和处理。关于更多版权及免责申明参见 版权及免责申明