Shell plugin for Burp Suite: from OS Command injection to shell with tab-completion in Burp
I wrote a Burp Suite plugin that offers a Shell-like environment right in burp:
You can download the plugin here:
https://github.com/gnothiseautonlw/burp-shell-fwd-lfi
If some conditions are met, it will offers tab-completion, command history and persistence... just by leveraging an OS Command injection vulnerability and without the need of uploading a web shell or creating a bind or reverse shell.
I wrote an article on how it can be used. That same article also describes the methods used internally by the the plugin to go from just an OS Command injection that has no persistence and tab-completion, to a shell that offers both. You can find it here:
https://docs.google.com/document/d/1Vk-CPFgylO79IJaSRq930qDs7N-rQnVHpRp2I9ooqR8/edit?usp=sharing
Quick Links
Categories
- 4K All Categories
- 2.9K Discussion
- 1.4K Machines
- 523 Challenges
- 26 RastaLabs
- 155 Exploits
- 47 Programming
- 697 Off-topic
- 1.2K Tutorials
- 610 Writeups
- 99 Video Tutorials
- 186 Tools
- 260 Other
- 30 Links
- 30 News
Comments
Nice one!
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.