Freddy Deserialization Bug Finder
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.
Passive Scanning:
Freddy can passively detect the use of potentially dangerous serialisation libraries and APIs by watching for type specifiers or other signatures in HTTP requests and by monitoring HTTP responses for exceptions issued by the target libraries. For example, the library FastJson uses a JSON field $types to specify the type of the serialized object.
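The passive check described above, as an added Python example that is not Freddy's own code: it walks a JSON request body for type-specifier fields and searches a response body for library exception names. The marker names other than $types, the exception patterns and the sample traffic are assumptions constructed for illustration.

```python
import json
import re

# Assumed marker set: "$types" is the field named on this page; "@type", "$type"
# and "@class" are type-discriminator names used by common JSON libraries.
TYPE_FIELDS = {"$types", "@type", "$type", "@class"}
# Assumed response signatures: exception class names as they appear in stack traces.
EXCEPTION_SIGNATURES = [
    re.compile(r"com\.alibaba\.fastjson\.\w*Exception"),
    re.compile(r"Newtonsoft\.Json\.\w*Exception"),
    re.compile(r"com\.fasterxml\.jackson\.[\w.]*Exception"),
]
# A value only counts when it starts with a dotted class name, e.g. "com.example.Order".
CLASS_NAME = re.compile(r"^[A-Za-z_][\w$]*(\.[A-Za-z_][\w$`]*)+")
# Constructed sample traffic (not captured from a real application).
SAMPLE_REQUEST = (
    '{"order": {"$types": "com.example.shop.Order", "items": '
    '[{"@type": "com.example.shop.Item", "qty": 2}]}, "note": "type"}')
SAMPLE_RESPONSE = "HTTP 500\ncom.alibaba.fastjson.JSONException: syntax error, pos 1"


def find_type_specifiers(body):
    """Return sorted (object_path, field, value) tuples for type-specifier fields."""
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return []  # not JSON: this check has nothing to report
    hits, stack = [], [("$", doc)]
    while stack:  # iterative walk, so deeply nested bodies cannot exhaust recursion
        path, node = stack.pop()
        if isinstance(node, dict):
            for key, value in node.items():
                if key in TYPE_FIELDS and isinstance(value, str) and CLASS_NAME.match(value):
                    hits.append((path, key, value))
                stack.append((f"{path}.{key}", value))
        elif isinstance(node, list):
            for i, item in enumerate(node):
                stack.append((f"{path}[{i}]", item))
    return sorted(hits)


def find_exception_signatures(response_text):
    """Return library exception class names found in a response body."""
    found = []
    for sig in EXCEPTION_SIGNATURES:
        found.extend(m.group(0) for m in sig.finditer(response_text))
    return found
```

Requiring a dotted class name as the value keeps ordinary fields such as "@type": "person" from being reported.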
Active Scanning:
Freddy includes active scanning functionality which attempts to both detect and, where possible, exploit affected libraries.
Active scanning attempts to detect the use of vulnerable libraries using three methods: exception-based, time-based, and Collaborator-based.