pwnypack.php – PHP related functions


pwnypack.php.php_serialize(value)

Serialize a value for use with PHP's unserialize() function. This function can serialize bytes, strings, integers, floats, booleans, None, lists, dicts and custom objects implementing __php__().

Parameters: value – The value to serialize.
Returns: The serialized form of value, ready to be unserialized by PHP.
Return type: bytes


>>> from pwny import *
>>> php_serialize([b'foo', u'bar', 42, 2.5, True, None, {'a': 'b'}])

class pwnypack.php.PhpObject(class_name, properties=None)

Bases: object

Helper class to represent PHP objects for serialization using php_serialize().

Instances of this class act like a dictionary of properties that should be set on the deserialized PHP instance. You can prefix the property names with 'public ', 'protected ' or 'private ' to ensure the correct instance variables are set.

Parameters:
  • class_name (str) – The name of the PHP class to use when deserializing.
  • properties (dict) – The properties to set on the deserialized instance.


>>> from pwny import *
>>> o = PhpObject('Foo\Bar', {'protected fg': '#000000'})
>>> php_serialize(o)
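The two doctests above show the calls but not the bytes they produce. The following is an added example, not pwnypack's own code: a small stand-alone serializer that emits the same PHP serialize() wire format for the types php_serialize() accepts, including how the 'public ', 'protected ' and 'private ' prefixes described for PhpObject map onto PHP's internal property-name mangling, plus a scanner that lists the class names an unserialize() of a blob would instantiate (useful when reviewing or logging untrusted serialized input). The names php_serialize_demo, PhpObjectDemo, _mangle and php_object_classes are assumptions made for this example.

```python
"""Added example (not pwnypack's implementation): PHP serialize() format in pure Python."""
import re


class PhpObjectDemo:
    """Stand-in for pwnypack's PhpObject: a class name plus a dict of properties."""

    def __init__(self, class_name, properties=None):
        self.class_name = class_name
        self.properties = dict(properties or {})


def _mangle(name, class_name):
    """Translate a visibility prefix into PHP's internal property-name encoding.

    PHP stores protected properties as "\\0*\\0name" and private ones as
    "\\0ClassName\\0name"; public properties keep their plain name.
    """
    if name.startswith('public '):
        return name[len('public '):]
    if name.startswith('protected '):
        return '\0*\0' + name[len('protected '):]
    if name.startswith('private '):
        return '\0' + class_name + '\0' + name[len('private '):]
    return name


def php_serialize_demo(value):
    """Return the PHP serialize() encoding of value as bytes."""
    if isinstance(value, bool):            # check before int: bool subclasses int
        return b'b:1;' if value else b'b:0;'
    if value is None:
        return b'N;'
    if isinstance(value, int):
        return b'i:%d;' % value
    if isinstance(value, float):
        # repr() matches PHP's output for simple values such as 2.5; PHP's own
        # float formatting depends on serialize_precision.
        return b'd:%s;' % repr(value).encode('ascii')
    if isinstance(value, str):
        value = value.encode('utf-8')
    if isinstance(value, bytes):
        # The length field counts bytes, not characters.
        return b's:%d:"%s";' % (len(value), value)
    if isinstance(value, (list, tuple)):
        value = dict(enumerate(value))      # PHP lists are arrays with integer keys
    if isinstance(value, dict):
        body = b''.join(php_serialize_demo(k) + php_serialize_demo(v)
                        for k, v in value.items())
        return b'a:%d:{%s}' % (len(value), body)
    if isinstance(value, PhpObjectDemo):
        cls = value.class_name.encode('utf-8')
        body = b''.join(php_serialize_demo(_mangle(k, value.class_name)) + php_serialize_demo(v)
                        for k, v in value.properties.items())
        return b'O:%d:"%s":%d:{%s}' % (len(cls), cls, len(value.properties), body)
    raise TypeError('cannot serialize %r' % type(value))


_OBJECT_TOKEN = re.compile(rb'O:(\d+):"')


def php_object_classes(blob):
    """List class names from O: tokens in a serialized blob.

    Lightweight scan for review/logging, not a full parser: a string value
    whose contents happen to look like an O: token is reported as well.
    """
    classes = []
    pos = 0
    while True:
        m = _OBJECT_TOKEN.search(blob, pos)
        if m is None:
            return classes
        length = int(m.group(1))
        name = blob[m.end():m.end() + length]
        classes.append(name.decode('utf-8', 'replace'))
        pos = m.end() + length


if __name__ == '__main__':
    # Constructed inputs mirroring the doctests above.
    print(php_serialize_demo([b'foo', u'bar', 42, 2.5, True, None, {'a': 'b'}]))
    o = PhpObjectDemo('Foo\\Bar', {'protected fg': '#000000'})
    print(php_serialize_demo(o))
    print(php_object_classes(php_serialize_demo(o)))
```

Note that the protected property name is emitted as five bytes, `\0*\0fg`, which is why the length prefix reads `s:5:` even though the visible name is only two characters.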