SerialTweaker

SerialTweaker: Interactive modification of Java Serialized Objects

Overview

SerialTweaker can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.

WARNING! This tool will deserialize input that it is given. It is therefore vulnerable to deserialization attacks by definition. Please make sure the input you use is not malicious, and/or use the tool in an isolated sandboxed environment.

-----------------
Serially - v1.1
by Stefan Broeder
-----------------
Usage:

SerialTweaker -b base64_encoded_java_object [OPTIONS]
SerialTweaker -v url_to_get_viewstate_from [OPTIONS]

OPTIONS:
-k      DES key to decrypt the object. Format: Base64
-d      Maximum depth (to prevent from printing deeply nested objects). Default: 3. To disable, set 0.

For more information about how to use the tool, please see this blog post.
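Because of the warning above, it helps to look at what classes a Base64 object declares before handing it to `-b`. The following is an added example, not part of SerialTweaker: a heuristic scan for class descriptors that never deserializes the input. The function names, the allowlist and the sample `com.example.User` object are assumptions made for illustration, and an object that still needs the `-k` key cannot be inspected this way until it is decrypted.

```python
import base64
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # 0xACED magic + stream version 5
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72
SC_SERIALIZABLE, SC_EXTERNALIZABLE = 0x02, 0x04
CLASS_NAME = re.compile(rb"\[*[A-Za-z_$][\w$.]*;?")

def class_names(b64_object):
    """Return class names declared in the stream, without deserializing it."""
    data = base64.b64decode(b64_object, validate=True)
    if not data.startswith(STREAM_MAGIC):
        raise ValueError("not a Java serialization stream (no AC ED 00 05)")
    names = []
    for i in range(len(STREAM_MAGIC), len(data) - 3):
        if data[i] != TC_CLASSDESC:
            continue
        (n,) = struct.unpack_from(">H", data, i + 1)  # UTF length of the name
        name = data[i + 3:i + 3 + n]
        flags_at = i + 3 + n + 8  # flags byte follows the 8-byte serialVersionUID
        if n == 0 or flags_at >= len(data) or not CLASS_NAME.fullmatch(name):
            continue
        flags = data[flags_at]
        if flags & 0xE0 or not flags & (SC_SERIALIZABLE | SC_EXTERNALIZABLE):
            continue  # not a plausible classDescFlags value
        if name.decode() not in names:
            names.append(name.decode())
    return names

def unexpected(b64_object, allowed):
    """Class names in the stream that are not on the caller's allowlist."""
    return [c for c in class_names(b64_object) if c not in allowed]

def sample_object():
    """Constructed input: hypothetical class com.example.User {int id = 42}."""
    name, field = b"com.example.User", b"id"
    desc = (bytes([TC_CLASSDESC]) + struct.pack(">H", len(name)) + name
            + struct.pack(">q", 1)            # serialVersionUID (constructed)
            + bytes([SC_SERIALIZABLE]) + struct.pack(">H", 1)  # one field
            + b"I" + struct.pack(">H", len(field)) + field
            + b"\x78\x70")                    # TC_ENDBLOCKDATA, TC_NULL super
    body = STREAM_MAGIC + bytes([TC_OBJECT]) + desc + struct.pack(">i", 42)
    return base64.b64encode(body).decode()

if __name__ == "__main__":
    print(unexpected(sample_object(), allowed={"java.lang.Integer"}))
```

The scan is a byte-pattern match, not a full stream parser, so treat an empty result as "nothing recognised" rather than as proof the input is safe, and keep the sandbox the warning recommends.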

Dependencies

A local repository of jar files is required in ~/.serially/jars. It can be built and indexed with the JavaClassDB.py tool from the EnumJavaLibs project.
