zkar: Java serialization protocol analysis tool
ZKar
ZKar is a Java serialization protocol analysis tool implemented in Go. This tool is still a work in progress, so no complete API document and contribution guide.
ZKar provides:
- A Java serialization payloads parser and viewer in pure Go, no CGO or JDK is required
- From the Java serialization protocol to a Go struct
- A Go library that can manipulate the Java serialization data
- WIP: ysoserial implement in Go
- WIP: Java class bytecodes parser, viewer, and manipulation
- WIP: An implementation of RMI/LDAP in Go
Tests
ZKar is a well-tested tool that passed all ysoserial generated gadgets parsing and rebuilding tests. It means that gadget generating by ysoserial can be parsed by ZKar, and parsed struts can be converted back into bytes string which is equal to the original one.
| Gadget | Package | Parse | Rebuild | Parse Time |
|---|---|---|---|---|
| AspectJWeaver | ysoserial | ✅ | ✅ | 80.334µs |
| BeanShell1 | ysoserial | ✅ | ✅ | 782.613µs |
| C3P0 | ysoserial | ✅ | ✅ | 98.321µs |
| Click1 | ysoserial | ✅ | ✅ | 573.298µs |
| Clojure | ysoserial | ✅ | ✅ | 72.415µs |
| CommonsBeanutils1 | ysoserial | ✅ | ✅ | 461.15µs |
| CommonsCollections1 | ysoserial | ✅ | ✅ | 64.484µs |
| CommonsCollections2 | ysoserial | ✅ | ✅ | 508.918µs |
| CommonsCollections3 | ysoserial | ✅ | ✅ | 564.071µs |
| CommonsCollections4 | ysoserial | ✅ | ✅ | 535.449µs |
| CommonsCollections5 | ysoserial | ✅ | ✅ | 137.609µs |
| CommonsCollections6 | ysoserial | ✅ | ✅ | 68.753µs |
| CommonsCollections7 | ysoserial | ✅ | ✅ | 178.549µs |
| FileUpload1 | ysoserial | ✅ | ✅ | 35.39µs |
| Groovy1 | ysoserial | ✅ | ✅ | 150.991µs |
| Hibernate1 | ysoserial | ✅ | ✅ | 789.674µs |
| Hibernate2 | ysoserial | ✅ | ✅ | 168.624µs |
| JBossInterceptors1 | ysoserial | ✅ | ✅ | 632.581µs |
| JRMPClient | ysoserial | ✅ | ✅ | 32.967µs |
| JRMPListener | ysoserial | ✅ | ✅ | 38.263µs |
| JSON1 | ysoserial | ✅ | ✅ | 2.157225ms |
| JavassistWeld1 | ysoserial | ✅ | ✅ | 468.596µs |
| Jdk7u21 | ysoserial | ✅ | ✅ | 355.01µs |
| Jython1 | ysoserial | ✅ | ✅ | 216.862µs |
| MozillaRhino1 | ysoserial | ✅ | ✅ | 1.775193ms |
| MozillaRhino2 | ysoserial | ✅ | ✅ | 409.124µs |
| Myfaces1 | ysoserial | ✅ | ✅ | 22.997µs |
| Myfaces2 | ysoserial | ✅ | ✅ | 38.131µs |
| ROME | ysoserial | ✅ | ✅ | 485.804µs |
| Spring1 | ysoserial | ✅ | ✅ | 797.469µs |
| Spring2 | ysoserial | ✅ | ✅ | 358.041µs |
| URLDNS | ysoserial | ✅ | ✅ | 21.502µs |
| Vaadin1 | ysoserial | ✅ | ✅ | 438.729µs |
| Wicket1 | ysoserial | ✅ | ✅ | 23.509µs |
| Jdk8u20 | pwntester | ❌ | ❌ | 312.882µs |
Install & Use
Copyright (c) 2022 Phith0n
