Readable Thrift
2023-2-8 18:20:42 Author: research.nccgroup.com

Readable Thrift makes binary Thrift protocol messages easy to work with by converting them to and from a human-friendly format. This makes manual analysis of and tampering with binary format Thrift messages just as easy as working with plaintext protocols like HTTP.

The library is implemented in Java, enabling integration with extensions for popular web application testing tools that run on the JVM, such as Burp and ZAP. All one has to do to get an analysis or tampering tool up and running is parse out the appropriate bytes and pass them to the codec.
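To show what "parse out the appropriate bytes and pass them to the codec" involves, here is an added example (not Readable Thrift's code, API, or output format) that decodes a Thrift binary-protocol message into a readable Python structure. It assumes the strict-encoding binary protocol with any transport framing already stripped; `Reader`, `decode_message` and `SAMPLE` are hypothetical names.

```python
import struct

# Type ids and message types as defined by the Apache Thrift binary protocol spec.
BOOL, BYTE, DOUBLE, I16, I32, I64, STRING, STRUCT, MAP, SET, LIST = 2, 3, 4, 6, 8, 10, 11, 12, 13, 14, 15
FIXED = {BOOL: ">?", BYTE: ">b", DOUBLE: ">d", I16: ">h", I32: ">i", I64: ">q"}
MSG_TYPES = {1: "CALL", 2: "REPLY", 3: "EXCEPTION", 4: "ONEWAY"}

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if n < 0 or self.pos + n > len(self.data):
            raise ValueError("truncated or malformed message at offset %d" % self.pos)
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def unpack(self, fmt):
        return struct.unpack(fmt, self.take(struct.calcsize(fmt)))[0]

    def value(self, ttype):
        if ttype in FIXED:
            return self.unpack(FIXED[ttype])
        if ttype == STRING:  # also carries binary; undecodable bytes stay visible as \xNN
            return self.take(self.unpack(">i")).decode("utf-8", "backslashreplace")
        if ttype == STRUCT:
            fields = {}
            while (ftype := self.unpack(">b")) != 0:  # type id 0 is the STOP marker
                fid = self.unpack(">h")               # field id precedes the value
                fields[fid] = self.value(ftype)
            return fields
        if ttype in (LIST, SET):
            etype, n = self.unpack(">b"), self.unpack(">i")
            return [self.value(etype) for _ in range(n)]
        if ttype == MAP:
            ktype, vtype, n = self.unpack(">b"), self.unpack(">b"), self.unpack(">i")
            return [(self.value(ktype), self.value(vtype)) for _ in range(n)]
        raise ValueError("unknown type id %d at offset %d" % (ttype, self.pos))

def decode_message(data):
    r = Reader(data)
    header = r.unpack(">I")
    if header & 0xFFFF0000 != 0x80010000:  # strict encoding: version 1 in the high 16 bits
        raise ValueError("not a strict binary-protocol message")
    name = r.take(r.unpack(">i")).decode("utf-8", "backslashreplace")
    return {"type": MSG_TYPES.get(header & 0xFF, "?"), "name": name,
            "seqid": r.unpack(">i"), "args": r.value(STRUCT)}

# Constructed sample: CALL "getUser", seqid 1, field 1 (i32) = 42, field 2 (string) = "admin".
SAMPLE = bytes.fromhex("800100010000000767657455736572000000010800010000002a0b00020000000561646d696e00")
```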

See the tool here: https://github.com/nccgroup/readable-thrift

Source: https://research.nccgroup.com/2023/02/08/readable-thrift-2/