Skip to content

A Burp Extender for checking for struts 2 RCE vulnerabilities.

Notifications You must be signed in to change notification settings

prakharathreya/Struts2-RCE

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

Struts2-RCE

A Burp Extender to check for struts 2 RCE vulnerabilities.

Description

This burp extension helps identify Struts2 remote code execution vulnerabilities in the struts2 web application. This Burp extension detects the following 18 RCEs:

  • S2-001
  • S2-007
  • S2-008
  • S2-012
  • S2-013
  • S2-014
  • S2-015
  • S2-016
  • S2-019
  • S2-029
  • S2-032
  • S2-033
  • S2-037
  • S2-045
  • S2-048
  • S2-053
  • S2-057
  • S2-DevMode

Loading the extension

Burp Suite->Extender->Add->Select the Struts.jar file->Next.

Once loaded without any error a new tab will pop up within the existing burp instance.

Usage

A single HTTP request can be scanned just by Right-clicking on the selected request and clicking on 'Check for Struts RCE'.

Scanning multiple requests or scanning a complete application requires a complete crawl of the application. Note, this extension will not attempt to find any new parameter rather it will target only the existing parameters.

Burp->Target->Site map->Contents->Select all the URLs to be scanned->Right click->'Check for Struts RCE'.

If the URL or any parameter is prone to any Struts2 vulnerabilities it will populate under the “Struts Finder” tab. If not vulnerable, no data will reflect.

Note: Make sure Extender is checked under Session Handling Rules.

Burp->Project options->Session Handling Rules->Click on Edit->Scope->Tools Scope->Check mark Extender->Save.

Credits

  • Prakhar Athreya

About

A Burp Extender for checking for struts 2 RCE vulnerabilities.

Topics

Resources

Stars

Watchers

Forks

Packages

No packages published