Very high likelihood of false positives #40

Description

@pimdongit

The passive scanner in this extension has a very high likelihood of getting false positives, yet it reports them with a specified "Confidence: Firm". For example, opening the URL https://pastebin.com/raw/q5dwzcT0 in the built-in Burp browser (or any other browser proxied through Burp) while having this extension loaded gives me a very clear false positive, just because the string aced is present.

According to https://docs.oracle.com/javase/8/docs/platform/serialization/spec/protocol.html, the following prefix is always present in serialized objects:

    final static short STREAM_MAGIC = (short)0xaced;
    final static short STREAM_VERSION = 5;

This means that the matched string could at the very least be extended to be aced0005. This would already greatly reduce the number of false positives. If that change is not made, I'm convinced the confidence should be changed from Firm to Tentative, given that there are plenty of regular occurrences of the string 'aced' that could be in files, for example in JavaScript files containing a function with the name "placed" somewhere.

Perhaps a new Low severity issue could be created, which matches aced0005, with a Firm confidence, and then the current Information issue could be changed to Tentative, which only triggers if aced0005 is not matched, but aced is. That would make it clear that the Information/Tentative findings are much less certain than the Low/Firm findings.
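The tiered matching proposed in this issue, written out as an added standalone Python example (this is not the extension's code or the issue author's code). It reports the full four-byte header (STREAM_MAGIC 0xACED followed by STREAM_VERSION 0x0005) as Low/Firm, and falls back to the bare hex string "aced" as Information/Tentative only when no full header was found anywhere in the body, so a JavaScript file with a function named "placed" gets at most a Tentative hit. It goes slightly beyond the issue text by also recognising the raw binary header and its base64 form (the well-known "rO0AB" prefix, derived here from the bytes themselves rather than hard-coded); the Finding class and the sample bodies are constructed for illustration.

```python
import base64
import re
from dataclasses import dataclass

# Constants from the Java Object Serialization Stream Protocol specification
STREAM_MAGIC = 0xACED
STREAM_VERSION = 0x0005
# The header every serialized stream starts with: b"\xac\xed\x00\x05"
STREAM_HEADER = STREAM_MAGIC.to_bytes(2, "big") + STREAM_VERSION.to_bytes(2, "big")

# Hex-encoded forms as they appear in query strings, JSON, or log output
HEX_HEADER = re.compile(rb"(?i)aced0005")   # magic + version: the strong signal
HEX_MAGIC = re.compile(rb"(?i)aced")        # magic only: the noisy heuristic

# Base64 of the 4-byte header is b"rO0ABQ=="; the first five characters do not
# depend on the byte that follows the header, so they make a stable prefix.
# (Base64 handling is an extension of this example, not something the issue asks for.)
B64_HEADER_PREFIX = base64.b64encode(STREAM_HEADER)[:5]  # b"rO0AB"


@dataclass
class Finding:
    """Hypothetical finding record mirroring Burp's severity/confidence fields."""
    severity: str
    confidence: str
    encoding: str
    offset: int
    evidence: bytes


def scan_body(body: bytes) -> list[Finding]:
    """Return findings for a response body, strongest signal first.

    Full header (raw, hex or base64) -> Low / Firm.
    Bare hex 'aced' only, and only when no full header matched -> Information / Tentative.
    """
    findings: list[Finding] = []

    for m in re.finditer(re.escape(STREAM_HEADER), body):
        findings.append(Finding("Low", "Firm", "raw", m.start(), m.group()))
    for m in HEX_HEADER.finditer(body):
        findings.append(Finding("Low", "Firm", "hex", m.start(), m.group()))
    for m in re.finditer(re.escape(B64_HEADER_PREFIX), body):
        findings.append(Finding("Low", "Firm", "base64", m.start(), m.group()))

    if findings:
        # A Firm finding exists; do not also emit the noisy magic-only matches.
        return findings

    # Fallback: the bare magic string. This is what fires on "placed" in JavaScript,
    # so it is reported at the lowest severity and confidence.
    for m in HEX_MAGIC.finditer(body):
        findings.append(Finding("Information", "Tentative", "hex-magic-only", m.start(), m.group()))
    return findings


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic
    samples = {
        "javascript": b"function placed(x) { return x; }",
        "hex param": b"obj=aced0005737200",
        "raw stream": b"\xac\xed\x00\x05sr\x00",
        "base64 param": b"data=rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA",
        "clean html": b"<html>nothing</html>",
    }
    for name, body in samples.items():
        for f in scan_body(body):
            print(f"{name}: {f.severity}/{f.confidence} ({f.encoding}) at {f.offset}: {f.evidence!r}")
```

Run as a script it prints one line per finding; the "javascript" sample yields a single Information/Tentative hit and the "clean html" sample yields nothing. The early return after the Firm pass is what implements the "only triggers if aced0005 is not matched" behaviour described above.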
