Extension is not working with new version of Burp

[LiliaNaumeiko]

Hello,

First of all, thank you for creating such nice extension.

I used Deserialization-Scanner efficiently with applications which potentially are vulnerable to Insecure JAVA Deserialization. Although after update of Burp Suite to the recent version, extension is not working any more.

For a proof, application vulnerable to Insecure JAVA Deserialization was tested manually and in exploiting tab, but extension did not show the issue is present. For tested scope was used Practice Burp Exam, which is vulnerable to Insecure JAVA Deserialization definitely.

Manual testing tab

Exploiting tab

As I can see this problem is the same for other users, so the question is do you support this extension and can you help users to make it working?

Best Regards,
Lilia

[guusec]

this is still happening btw

[BigDaddyJake]

Same for me, scanner has never has worked for me since I started using it ~ 4 months ago. Always shows "not vulnerable" no matter what, which is clearly incorrect.

[nobodynate]

@LiliaNaumeiko @guusec @BigDaddyJake as the error message says you should check STDERR for some clues about what's wrong.
Extensions > Installed > Java Deserialization Scanner > Errors

It's worth noting that if you've NEVER had this working you need to install jdk 11 and get a copy of ysoserial. Then in the plugin's settings you have to tell the plugin where it can find the ysoserial.jar file.

[agilfachrian]

I got the same problem, here is the result of STDERR when doing Attack

I am using Windows and already changed jdk11 but still have the same problem