Awesome
Collabfiltrator
Exfiltrate blind remote code execution output over DNS via Burp Collaborator.
Authors:
- <a href="https://twitter.com/adam_logue">Adam Logue</a>
- <a href="https://twitter.com/jared_mclaren">Jared McLaren</a>
- <a href="https://twitter.com/ninjastyle82">Frank Scarpella</a>
Requirements:
- Burp Suite Professional 1.7.x or Later
- <a href="https://www.jython.org/download.html">Jython 2.7.1</a>
Support:
Installation in Burp Suite Professional
Currently Supported Platforms:
- Windows
- Linux
Usage:
Select a platform from the dropdown menu, enter the desired command, and press Execute
. A payload will be generated for the platform you choose. Select Copy Payload to Clipboard
, run the generated payload on your target, and wait for results to appear in the output window.
In case you get some garbage, sending a request to read that particular line(s) should get your job done. For example, if you get garbage on line 3-5 of /etc/passwd, you could then do;
tail -n+3 /etc/passwd|head -n3
and replace the garbage with newly received data.
<img src="https://i.imgur.com/tmRqfiY.png"> <img src="https://i.imgur.com/x1Rin8w.png">If you liked this plugin, please consider donating:
BTC: 1GvMN6AAQ9WgGZpAX4SFVTi2xU7LgCXAh2
ETH: 0x847487DBcC6eC9b681a736BE763aca3cB8Debe49
Paypal: paypal.me/logueadam