Professional Community
Deserialize Java objects and encode them in XML using the XStream library.
Based in part on khai-tran's work, but rewritten from scratch to work with the new Montoya API.
There are a few methods to locate the required JAR files containing the classes to be deserialized:
.jnlp
file, use jnpdownloader.Use the JDSer
tab to load the JAR files containing the classes you want to deserialize.
Serialized Java content will automatically appear in the Java Object
tab in appropriate locations (Proxy History, Intercept, Repeater, etc.). Any changes made to the XML will serialize back once you switch to a different tab or send the request.
If you get an error that a class was not found, you can add the JAR file containing that class in the JDSer
tab and try again.
The source repository includes a simple Java application that can be used to test the plugin. The application posts a simple serialized Java object to a server. You can use the ./gradlew runExample
command to run the application.
The JAR file containing the classes used in the example application is located in ./build/libs/example-main-SNAPSHOT.jar
.
You can load this JAR file in the "JDSer" tab of the plugin to deserialize the Java objects sent by the example application.
Author |
Author
Omer Cohen |
---|---|
Version |
Version
0.9.1 |
Rating |
Rating |
Popularity |
Popularity |
Last updated |
Last updated
09 July 2025 |
Estimated system impact |
Estimated system impact
Overall impact: Empty
Memory
Empty
CPU
Empty
General
Empty
Scanner
Empty
|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|
You can view the source code for all BApp Store extensions on our GitHub page. |
|
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates. |
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.