New detection engines: DNS and CPU.
1.1. DNS mode uses Burp Collaborator to detect deserialization vulnerabilities through DNS resolutions and can be used both in manual testing and directly in Burp Suite Active Scanner.
1.2. CPU mode can be used only in manual testing and must be used with caution. Based on SerialDOS code written by Wouter Coekaerts, it detects serialization vulnerabilities without the presence of any vulnerable library, by employing objects that waste many CPU cycles and time during the deserialization process. It may cause a DoS condition if used against old systems or more than once concurrently against the same system.
New payloads: JDK8 (<= jdk8u20) and Apache Commons BeanUtils
New encoding methods (GZIP and Base64 GZIP), thanks to the contribution of Jeremy Goldstein
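
On the defensive side, the encodings listed above are the wrappers a filter or log review has to peel off before it can recognise a Java serialized stream in a request parameter. The following Python helper is an added example, not code from the extension; the function names, the size cap and the sample value are constructed for illustration.

```python
import base64
import binascii
import gzip
import zlib

JAVA_MAGIC = b"\xac\xed\x00\x05"  # Java STREAM_MAGIC (0xACED) + STREAM_VERSION (5)
GZIP_MAGIC = b"\x1f\x8b"
MAX_INFLATE = 1 << 20             # assumed cap so a hostile value cannot exhaust memory

# Constructed sample: the serialized form of the Java String "hi".
SAMPLE = JAVA_MAGIC + b"\x74\x00\x02hi"


def _b64(value: bytes):
    """Strict Base64 decode; None when the value is not valid Base64."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None


def _gunzip(data: bytes):
    """Inflate at most MAX_INFLATE bytes of a GZIP member; None if not GZIP."""
    if not data.startswith(GZIP_MAGIC):
        return None
    try:
        return zlib.decompressobj(wbits=31).decompress(data, MAX_INFLATE)
    except zlib.error:
        return None


def classify(value: bytes):
    """Return 'raw', 'gzip', 'base64' or 'base64-gzip' when the value carries
    a Java serialized stream under that encoding, otherwise None."""
    if value.startswith(JAVA_MAGIC):
        return "raw"
    inflated = _gunzip(value)
    if inflated is not None and inflated.startswith(JAVA_MAGIC):
        return "gzip"
    decoded = _b64(value.strip())
    if decoded is None:
        return None
    if decoded.startswith(JAVA_MAGIC):
        return "base64"
    inflated = _gunzip(decoded)
    if inflated is not None and inflated.startswith(JAVA_MAGIC):
        return "base64-gzip"
    return None


if __name__ == "__main__":
    for candidate in (SAMPLE, gzip.compress(SAMPLE), base64.b64encode(SAMPLE)):
        print(classify(candidate))
```

URL-safe Base64 and percent-encoding are not handled here; normalise those before calling `classify`.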