Comments (1)
federicodotta
commented on August 19, 2024
1
Hi @mohitmkb,
it should be the CommonsCollections5 payload of ysoserial.
You cannot generate the same payload using frohoff ysoserial because it generates only exec payload for the exploitation. I modified the code to generate sleep and DNS payloads for the detection.
If you need to generate the same payload you can use my ysoserial fork. With this fork you can generate the 10 seconds sleep used for Java Deserialization Scanner as follows:
java -jar ysoserial-fd-0.0.6.jar CommonsCollections5 10000 sleep
It you need to encode the payload, the fork supports also encoding. For example, Base64 + URL:
java -jar ysoserial-fd-0.0.6.jar CommonsCollections5 10000 sleep base64,url_encoding
Federico
from java-deserialization-scanner.
Related Issues (20)
- How are payloads generated? HOT 4
- exploiting tab will not generate the payload HOT 6
- Invalid Payload makes attack buttons grayed out HOT 1
- Add ruby deser. detection HOT 1
- Issue Installing Extension HOT 1
- How to generate Apache Commons Collections 3 Alternate payload 3 (sleep)?
- Java 8 payloads Generation HOT 1
- Error when exploiting - lack of Java 8 support? HOT 5
- Question about Burp and the latest version of the extension HOT 2
- No indication of errors in the manual tab HOT 1
- Incorrectly adds CRLF in front of content-length HOT 2
- plain text format payload is needed HOT 1
- How was the Rhino1 (Sleep) payload generated? HOT 2
- Error Newlines in headers are not allowed HOT 4
- Extension is not working with new version of Burp HOT 4
- run java code with scanner
- Java version for each payload
- Help generating a blind payload for Apache Commons Collections 3 Alternate Payload 2 HOT 2
- Scanner detected wrong library HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from java-deserialization-scanner.