Struts2-RCE

A Burp Extender to check for struts 2 RCE vulnerabilities.

Description

This burp extension helps identify Struts2 remote code execution vulnerabilities in the struts2 web application. This Burp extension detects the following 18 RCEs:

S2-001
S2-007
S2-008
S2-012
S2-013
S2-014
S2-015
S2-016
S2-019
S2-029
S2-032
S2-033
S2-037
S2-045
S2-048
S2-053
S2-057
S2-DevMode

Loading the extension

Burp Suite->Extender->Add->Select the Struts.jar file->Next.

Once loaded without any error a new tab will pop up within the existing burp instance.

Usage

A single HTTP request can be scanned just by Right-clicking on the selected request and clicking on 'Check for Struts RCE'.

Scanning multiple requests or scanning a complete application requires a complete crawl of the application. Note, this extension will not attempt to find any new parameter rather it will target only the existing parameters.

Burp->Target->Site map->Contents->Select all the URLs to be scanned->Right click->'Check for Struts RCE'.

If the URL or any parameter is prone to any Struts2 vulnerabilities it will populate under the “Struts Finder” tab. If not vulnerable, no data will reflect.

Note: Make sure Extender is checked under Session Handling Rules.

Burp->Project options->Session Handling Rules->Click on Edit->Scope->Tools Scope->Check mark Extender->Save.

Credits

Prakhar Athreya

About

A Burp Extender for checking for struts 2 RCE vulnerabilities.

struts2-rce burp-extensions struts2