Freddy The (De)serialization Killer

This is a plugin for Burp Suite Pro that helps to detect and exploit deserialization vulnerabilities in web applications. Often this kind of vulnerability leads to remote code or command execution on the affected server.

The plugin is capable of passively detecting, and actively scanning for deserialization vulnerabilities in over 30 Java and .NET libraries and APIs dealing with a range of data serialization formats from binary to JSON and XML.

The plugin can be downloaded from the BApp store within Burp Suite Pro.