Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure deserialization active scanner #4112

Open
omerlh opened this issue Dec 4, 2017 · 15 comments
Open

Insecure deserialization active scanner #4112

omerlh opened this issue Dec 4, 2017 · 15 comments
Assignees
@ssyms @jangelesg
Labels
add-on enhancement good first issue An issue ideal for new contributors. IdealFirstBug An issue ideal for new contributors. Same as label "good first issue", kept for legacy reasons.

Comments

@omerlh
Copy link
Contributor

omerlh commented Dec 4, 2017

As already discussed in #3883, this is now part of the new Top 10 - A8. Could be cool to add such an active scan rule - based on this tool could be a good start for .NET...
@omerlh omerlh mentioned this issue Dec 4, 2017
Closed
@kingthorin
Copy link
Member

kingthorin commented Dec 4, 2017
edited
Loading

Other projects or info:

@kingthorin kingthorin added IdealFirstBug An issue ideal for new contributors. Same as label "good first issue", kept for legacy reasons. good first issue An issue ideal for new contributors. labels May 29, 2018
@kingthorin
Copy link
Member

https://github.com/pwntester/ysoserial.net

@sixsec
Copy link

sixsec commented Jul 9, 2019

Another Project that could maybe be ported:
https://github.com/nccgroup/freddy

@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 3, 2019
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 4, 2019
@NF997
Copy link

NF997 commented Apr 1, 2020

Has anyone already started to work on this?

@thc202
Copy link
Member

thc202 commented Apr 1, 2020

I don't think so.

@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 1, 2020
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 2, 2020
@ssyms
Copy link

ssyms commented Dec 3, 2020

I would potentially be interested in this if it's still open? I couldn't find an insecure deserialization rule in the Active Scan docs, but just want to be sure

@kingthorin
Copy link
Member

This is definitely still available.

@ssyms
Copy link

ssyms commented Dec 3, 2020

Awesome, will start looking into it

@pranavsaxena17
Copy link
Contributor

@ssyms Are you still on this? I would like to look into this.

@ssyms
Copy link

ssyms commented Feb 8, 2021

@pranavsaxena17 Yes, I've been a bit busy since the New Year but I have done some work on it and would like to finish.

@ssyms ssyms mentioned this issue Feb 8, 2021
Closed
@jangelesg
Copy link

Id like to start working on this one; any suggestion I'm new to the team

Greetings

@ssyms
Copy link

ssyms commented May 5, 2021

Hi Jon, I am done implementing functionality for Java deserialization, just working on adding tests. Maybe you could look into integrating the .NET tool? (https://github.com/pwntester/ysoserial.net)

@jangelesg
Copy link

Hi Jon, I am done implementing functionality for Java deserialization, just working on adding tests. Maybe you could look into integrating the .NET tool? (https://github.com/pwntester/ysoserial.net)

I will

@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 1, 2021
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 4, 2021
@ricekot
Copy link
Member

ricekot commented Mar 30, 2022
edited
Loading

@ssyms @jangelesg how are things going? do you need any help with this issue?

@ssyms
Copy link

ssyms commented Mar 30, 2022

@ricekot I'm open to this ticket being re-assigned. A lot of personal stuff has come up in the past year and I'm still busy dealing with it.

@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Sep 23, 2022
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Dec 19, 2022
@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 2, 2023
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ssyms ssyms

@jangelesg jangelesg

Labels
add-on enhancement good first issue An issue ideal for new contributors. IdealFirstBug An issue ideal for new contributors. Same as label "good first issue", kept for legacy reasons.
Milestone
No milestone
Development

No branches or pull requests
9 participants
@thc202 @omerlh @kingthorin @ssyms @sixsec @ricekot @jangelesg @NF997 @pranavsaxena17