Belch is a binary protocol pen-testing tool. It is used to aid in automation of testing AMF and Java-Serialization applications.
Belch performs on-the-fly transformation of binary data to human readable XML format. It was tested successfully against AMF version 3 and Java Serialization applications. Belch can be used as a translation peer for any automatic scanner integrating automatic testing to the binary communication. Belch has been tested with various scanners such as BurpSuite, Accunetix, AppScan, Sqlmap etc.
Belch acts as an add-on to Burp Suite proxy.
- Download the latest version of Belch.
- Update the burp-suite jar that is in the /lib/ folder to latest version
- Run the Belch.bat (windows) or the Belch.sh (*nix)
- Configure burp with 2 listeners (one should redirect to the second)
- Enjoy Belch!
The AppSec Labs team