BurpJDSer is a Burp plugin that deserializes and serializes Java requests and responses to and from XML using the XStream library (http://xstream.codehaus.org/). The workflow below assumes a thick (e.g. applet or Java Web Start) client that talks to its server with native Java serialization.
## 1. Find and download the client *.jar files
- Burp: view the HTML responses for embedded jar files
- Alternatively, look through the browser's cache
## 2. (Optional) Search the client code for sensitive information
- Use JD-GUI to open the jar file, then File --> Save All Sources to a location
- What to search for: hardcoded passwords, SQL strings, SSNs, credit card numbers, etc.
## 3. Start Burp with the plugin

```
java -classpath burp.jar;burpjdser.jar;xstream-1.4.2.jar;[client_jar] burp.StartBurp
```

Note: if there are multiple client jars, copy them all into one folder and start Burp with:

```
java -classpath burp.jar;burpjdser.jar;xstream-1.4.2.jar;"[Absolute path to jars folder]"/* burp.StartBurp
```

The `;` classpath separator shown here is for Windows; on Linux/macOS use `:` instead. The client jars must be on the classpath because XStream needs the application's classes to deserialize its objects.
## 4. Inspect serialized Java traffic
- Serialized Java requests and responses are automatically converted to XML. The decoded XML appears in the "Edited Request" and "Original Response" tabs.
- Fuzz the request using Repeater/Intruder. The request is automatically serialized back to binary form before it is sent, and the response is deserialized to XML.
## 5. Bypass client-side authorization
Sometimes the client relies on data in the server's response to decide what the user may do. If so, you can modify the serialized response to bypass that check:
- Inspect the proxied response for fields that look like authorization flags or role information
- Modify those parameters to bypass the client-side restrictions

Any restriction that can be lifted this way is enforced only on the client and should be reported as such; the fix is to perform the authorization check on the server for every request.
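The conversion steps 4 and 5 rely on, as an added example (not the plugin's own code): a Java serialization stream is read into an object, rendered as XML with XStream, and an edited XML document is serialized back to the wire format. `SessionInfo` is a constructed stand-in for a class from the client's jar; the example assumes Java 9+ for `ObjectInputFilter` and XStream 1.4.7+ for `allowTypes`, both used to allow-list the classes that may be instantiated from wire data.

```java
import com.thoughtworks.xstream.XStream;
import java.io.*;
public class JdSerRoundTrip {
    // Constructed stand-in for a class a tester would find in the client's jar.
    public static class SessionInfo implements Serializable {
        private static final long serialVersionUID = 1L;
        String user; boolean admin; int quota;
        SessionInfo(String user, boolean admin, int quota) {
            this.user = user; this.admin = admin; this.quota = quota;
        }
    }

    // Both deserializers consume data from the wire, so both get an allow-list
    // (java.io.ObjectInputFilter needs Java 9+; allowTypes needs XStream 1.4.7+).
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "JdSerRoundTrip$SessionInfo;java.lang.String;!*");

    static XStream xstream() {
        XStream xs = new XStream();
        xs.allowTypes(new Class[]{SessionInfo.class});
        return xs;
    }

    /** Binary Java serialization as captured by the proxy -> editable XML. */
    static String toXml(byte[] wire) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            in.setObjectInputFilter(FILTER);
            return xstream().toXML(in.readObject());
        }
    }

    /** Edited XML -> binary Java serialization to forward to the client or server. */
    static byte[] fromXml(String xml) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(xstream().fromXML(xml));
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed server response: the client is told that alice is not an admin.
        byte[] wire = fromXml(xstream().toXML(new SessionInfo("alice", false, 10)));
        String xml = toXml(wire);
        System.out.println(xml);
        // A field edited in the XML comes back as a valid Java stream; this is why the
        // client must not be the only place where the flag is checked.
        byte[] edited = fromXml(xml.replace("<admin>false</admin>", "<admin>true</admin>"));
        System.out.println(toXml(edited));
    }
}
```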