NickstaDB/BaRMIe

HACKING.md

v-p-b opened this issue · 0 comments

v-p-b commented

"More documentation on attacking RMI and producing attacks for BaRMIe will be made available in the near future."

Some additional documentation regarding extending this tool would be really useful both for custom targets and upstream improvements. Some topics from the top of my head:

  • Generating headers/footers with ysoserial - As far as I can tell, the modules don't contain the full serialized stream (magic AC ED header is missing for example)
  • How to make deser payloads compatible with fixReferences()
  • High-level code organization