A Burp Extender to check for struts 2 RCE vulnerabilities.
This burp extension helps identify Struts2 remote code execution vulnerabilities in the struts2 web application. This Burp extension detects the following 18 RCEs:
- S2-001
- S2-007
- S2-008
- S2-012
- S2-013
- S2-014
- S2-015
- S2-016
- S2-019
- S2-029
- S2-032
- S2-033
- S2-037
- S2-045
- S2-048
- S2-053
- S2-057
- S2-DevMode
Burp Suite->Extender->Add->Select the Struts.jar file->Next.
Once loaded without any error a new tab will pop up within the existing burp instance.
A single HTTP request can be scanned just by Right-clicking on the selected request and clicking on 'Check for Struts RCE'.
Scanning multiple requests or scanning a complete application requires a complete crawl of the application. Note, this extension will not attempt to find any new parameter rather it will target only the existing parameters.
Burp->Target->Site map->Contents->Select all the URLs to be scanned->Right click->'Check for Struts RCE'.
If the URL or any parameter is prone to any Struts2 vulnerabilities it will populate under the “Struts Finder” tab. If not vulnerable, no data will reflect.
Note: Make sure Extender is checked under Session Handling Rules.
Burp->Project options->Session Handling Rules->Click on Edit->Scope->Tools Scope->Check mark Extender->Save.
Credits
- Prakhar Athreya