Attacking JAVA Serialized Communication
- Type
- Paper
- Tags
- Java
- Authors
- Manish Saindane
- Event
- Black Hat EU 2010
- Indexed on
- Mar 26, 2013
- URL
- https://media.blackhat.com/bh-eu-10/whitepapers/Saindane/BlackHat-EU-2010-Attacking-JAVA-Serialized-Communication-wp.pdf
- File name
- BlackHat-EU-2010-Attacking-JAVA-Serialized-Communication-wp.pdf
- File size
- 854.6 KB
- MD5
- e472656ce7371218e3a043f6a9b56f70
- SHA1
- c0e7c6ea1638cb2581e2dc23e99052efc44fcf01
Many applications written in JAVA make use of Object Serialization to transfer full blown objects across the network via byte streams or to store them on the file system. While Penetration Testing applications communicating via Serialized Objects, current tools/application interception proxies allow very limited functionality to intercept and modify the requests and responses like in typical web applications. I'm trying to introduce a new technique to intercept such Serialized communication and modify it to perform penetration testing with almost the same ease as testing regular web applications. For achieving this I have developed a plug-in for Burp Suite as a proof-of-concept. What makes this technique unique is that it is completely seamless and gives the penetration tester the same control and power that an application developer has.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
