- Switch to Burp BApp Store and install the Java Serial Killer plugin:
To create a scenario using a serialized object, we will take a standard request and add a serialized object to it. This demonstrates how you can use the extension to add attacker-controlled commands to serialized objects.
- Note the new tab added to your Burp UI menu at the top dedicated to the newly-installed plugin.
- Navigate to the Mutillidae homepage.
- Switch to the Burp Proxy | HTTP history tab and look for the request you just created by browsing to the Mutillidae homepage:
Unfortunately, there aren't any serialized objects ...
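To confirm whether a captured request carries a Java serialized object, you can look for the serialization stream header in raw, URL-encoded, or Base64 form. The following is an added example, not code from the plugin or from this recipe; the function name, the sample requests, and the `/mutillidae/` path and cookie names are constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# Java serialization streams start with STREAM_MAGIC 0xACED and STREAM_VERSION 0x0005.
JAVA_MAGIC = b"\xac\xed\x00\x05"
# Base64 of that header always begins "rO0AB"; accept standard and URL-safe alphabets.
B64_CANDIDATE = re.compile(rb"rO0AB[A-Za-z0-9+/_-]{3,}")


def find_serialized_java(raw_request: bytes):
    """Return sorted (offset, kind) hits; offsets index the URL-decoded request."""
    data = unquote_to_bytes(raw_request)  # normalises %AC%ED%00%05 and %2B/%2F/%3D
    hits = []
    pos = data.find(JAVA_MAGIC)
    while pos != -1:
        hits.append((pos, "binary"))
        pos = data.find(JAVA_MAGIC, pos + 1)
    for m in B64_CANDIDATE.finditer(data):
        # Decoding the first 8 characters yields 6 bytes, enough to check the header.
        head = m.group(0)[:8].replace(b"-", b"+").replace(b"_", b"/")
        if base64.b64decode(head).startswith(JAVA_MAGIC):
            hits.append((m.start(), "base64"))
    return sorted(hits)


# Constructed sample data: a fake stream header, not a real serialized object.
FAKE_STREAM = JAVA_MAGIC + b"\x73\x72\x00\x04Demo"
PLAIN_REQUEST = (b"GET /mutillidae/ HTTP/1.1\r\nHost: localhost\r\n"
                 b"Cookie: showhints=1\r\n\r\n")
COOKIE_REQUEST = (b"GET /mutillidae/ HTTP/1.1\r\nHost: localhost\r\nCookie: state="
                  + base64.b64encode(FAKE_STREAM) + b"\r\n\r\n")
BODY_REQUEST = (b"POST /mutillidae/ HTTP/1.1\r\nHost: localhost\r\n\r\n"
                b"data=%AC%ED%00%05sr")

if __name__ == "__main__":
    for name, req in (("plain", PLAIN_REQUEST),
                      ("cookie", COOKIE_REQUEST),
                      ("body", BODY_REQUEST)):
        print(name, find_serialized_java(req))
```

An empty result for a request means none of these three encodings of the header is present; a serialized object wrapped in another encoding (for example, compressed) would not be found by this check.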