GitHub - NetSPI/JavaSerialKiller at 1.1.0

Java Serial Killer

Burp extension to perform Java Deserialization Attacks using the ysoserial payload generator tool.

Blog: https://blog.netspi.com/java-deserialization-attacks-burp/

Chris Frohoff's ysoserial (https://github.com/frohoff/ysoserial)

Requirements: Java 8

Download from the Releases tab: https://github.com/NetSPI/Burp-Extensions/releases

Right-click on a request and select Send to Java Serial Killer

Select the payload that you want, type in the command, and press Serialize

From here you can press the Go button to send the request, or right-click and send it to another tool.