Remove ysoserial markers in generated classes and properties names

- Make class name prefix parameterized - Make exploits parameterized as for the main method
frohoff · Mar 20, 2024 · 3d97219 · 3d97219
1 parent 204edbb
commit 3d97219
Show file tree

Hide file tree

Showing 19 changed files with 758 additions and 677 deletions.
diff --git a/README.md b/README.md
@@ -49,7 +49,8 @@ However, maven should be able to import this dependency as this project now impo
 ```shell
 $  java -jar ysoserial.jar
 Y SO SERIAL?
-Usage: java -jar ysoserial-[version]-all.jar [payload] [arguments ...]
+Usage: java -Dysoserial.class_prefix='javax.objects.Object' -jar ysoserial-[version]-all.jar [payload] [arguments ...]
+Override generated classes prefix using 'ysoserial.class_prefix' property (default: javax.objects.Object)
   Available payload types:
      Payload             Authors                     Dependencies
      -------             -------                     ------------

diff --git a/src/main/java/ysoserial/GeneratePayload.java b/src/main/java/ysoserial/GeneratePayload.java
@@ -36,12 +36,15 @@ public static void main(final String[] args) {
 			if(payloadArgs.length == 0) {
 				if (payload instanceof ParameterizedObjectPayload) {
 					System.err.println(((ParameterizedObjectPayload) payload).getHelp());
+					System.err.println("Override generated classes prefix using 'ysoserial.class_prefix' property (default: javax.objects.Object)");
 				} else {
 					System.err.println("Usage: java -jar ysoserial-[version]-all.jar "+ payloadType +" '[command]'");
+					System.err.println("Override generated classes prefix using 'ysoserial.class_prefix' property (default: javax.objects.Object)");
 				}
 				System.exit(USAGE_CODE);
 				return;
 			}
+
 			final Object object;
 			if (payload instanceof ParameterizedObjectPayload) {
 				ParameterizedObjectPayload parameterizedPayload = (ParameterizedObjectPayload)payload;
@@ -82,7 +85,8 @@ public static void main(final String[] args) {
 
 	private static void printUsage() {
 		System.err.println("Y SO SERIAL?");
-		System.err.println("Usage: java -jar ysoserial-[version]-all.jar [payload] [arguments ...]");
+		System.err.println("Usage: java -Dysoserial.class_prefix='javax.objects.Object' -jar ysoserial-[version]-all.jar [payload] [arguments ...]");
+		System.err.println("Override generated classes prefix using 'ysoserial.class_prefix' property (default: javax.objects.Object)");
 		System.err.println("  Available payload types:");
 
 		final List<Class<? extends ObjectPayload>> payloadClasses =