federicodotta / Java-Deserialization-Scanner

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

No indication of errors in the manual tab #24

Closed MarioVilas closed 2 years ago

MarioVilas commented 3 years ago

When there is an error loading ysoserial, in the exploitation tab we can see the corresponding error message, but in the manual tab it just lists every payload as not vulnerable.

federicodotta commented 2 years ago

Hi @MarioVilas,

in the manual testing tab, payloads are not generated with ysoserial but are hardcoded in the tool, in order to avoid the dependency on the ysoserial jar, at least for the detection task.

If you want to see the full requests/responses, you can use the Burp Suite Logger tool or specific logging extensions (like Logger++).

Federico