How to do it...

  1. Switch to the Burp BApp Store and install the Java Serial Killer plugin.

To create a scenario that uses a serialized object, we will take a standard request and add a serialized object to it. This demonstrates how you can use the extension to add attacker-controlled commands to serialized objects.

  2. Note the new tab added to your Burp UI menu at the top dedicated to the newly-installed plugin.
  3. Navigate to the Mutillidae homepage.
  4. Switch to the Burp Proxy | HTTP history tab and look for the request you just created by browsing to the Mutillidae homepage.

Unfortunately, there aren't any serialized objects ...
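The check done by eye in the HTTP history can also be scripted. The following is an added example (not code from the book or from the Java Serial Killer plugin) that scans a raw HTTP request for the Java serialization stream header, `AC ED 00 05`, either as raw bytes or as Base64, where it always begins `rO0AB`. The sample requests and the function name are constructed for illustration.

```python
import base64
import binascii
import re

# Java serialization stream header: STREAM_MAGIC 0xACED followed by STREAM_VERSION 0x0005
JAVA_MAGIC = b"\xac\xed\x00\x05"
# Base64 of that header always starts with "rO0AB" (standard and URL-safe alphabets)
B64_TOKEN = re.compile(rb"rO0AB[A-Za-z0-9+/_-]*={0,2}")

# Constructed sample data (not from the page): a stub stream header, not a full object
SAMPLE_OBJ = JAVA_MAGIC + b"sr\x00\x11java.util.HashMap"
PLAIN_REQUEST = b"GET /index.php HTTP/1.1\r\nHost: localhost\r\nCookie: PHPSESSID=abc123\r\n\r\n"
COOKIE_REQUEST = (b"GET /app HTTP/1.1\r\nHost: localhost\r\nCookie: state="
                  + base64.b64encode(SAMPLE_OBJ) + b"\r\n\r\n")
BODY_REQUEST = (b"POST /app HTTP/1.1\r\nHost: localhost\r\n"
                b"Content-Type: application/x-java-serialized-object\r\n\r\n"
                + SAMPLE_OBJ)


def find_serialized_java(raw_request: bytes) -> list:
    """Return (encoding, offset) for each Java serialization header in the request."""
    hits = []
    # Raw binary header, typically in a request body
    pos = raw_request.find(JAVA_MAGIC)
    while pos != -1:
        hits.append(("raw", pos))
        pos = raw_request.find(JAVA_MAGIC, pos + 1)
    # Base64-encoded header, typically in a cookie, parameter or header value
    for m in B64_TOKEN.finditer(raw_request):
        token = m.group(0).rstrip(b"=").replace(b"-", b"+").replace(b"_", b"/")
        token += b"=" * (-len(token) % 4)  # restore padding stripped by URL-safe encoders
        try:
            decoded = base64.b64decode(token)
        except binascii.Error:
            continue  # looked like Base64 but is not decodable
        if decoded.startswith(JAVA_MAGIC):
            hits.append(("base64", m.start()))
    return hits


if __name__ == "__main__":
    for name, req in [("plain", PLAIN_REQUEST), ("cookie", COOKIE_REQUEST), ("body", BODY_REQUEST)]:
        print(name, find_serialized_java(req))
```

A request like the Mutillidae homepage one yields an empty list, which matches the observation above that it carries no serialized object.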
