【Note】Derbycon 2018: Extending Burp to Find Struts and XXE Vulnerabilities
Basic information
Stable 21 Extending Burp to Find Struts and XXE Vulnerabilities Chris Elgee
Burp Better
Extending Burp to Find Struts and XXE Vulnerabilities
Build Cool Things and GIVE THEM AWAY.
Speaker: https://twitter.com/chriselgee
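Summary
The core idea is to follow the model of ActiveScan++ and add some new scan checks.
Starting at 13:46, the talk presents an XXE zero day in Jamf Pro
(found with the speaker's modified version of ActiveScan++).
It can be used to probe which ports are open on the internal network.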
ActiveScan++
By albinowax (James Kettle), PortSwigger, written in Python
Checks for:
Potential host header attacks
Edge Side Includes
XML input handling
Suspicious input transformation (eg 7*7 => ’49’, \\ => \)
Blind code injection via expression language, Ruby’s open() and Perl’s open()
CVE-2014-6271/6278 ‘shellshock’, CVE-2015-2080, CVE-2017-5638, CVE-2017-12629
Requires Burpsuite Pro, jython, and Collaborator
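
An added example (not from the talk and not ActiveScan++'s own code) of the comparison logic behind a "suspicious input transformation" check like the one listed above. The probe format, the function names and the three toy handlers are constructed assumptions, and the code runs offline in plain Python rather than as a Burp extension.

```python
import random
import re

def make_probes(rng=random):
    """Build one probe per transformation, with the output that only appears if
    the server evaluated or unescaped the input. Random values keep a number
    already on the page (a bare '49', say) from matching by accident."""
    a, b = rng.randint(1000, 9999), rng.randint(1000, 9999)
    tag = "zq%dzq" % rng.randint(1000, 9999)
    return [
        {"check": "arithmetic evaluated", "send": "%d*%d" % (a, b), "expect": str(a * b)},
        {"check": "backslash unescaped", "send": tag + "\\\\" + tag, "expect": tag + "\\" + tag},
    ]

def assess(probe, baseline_body, probed_body):
    """Return a finding dict, or None when the response proves nothing."""
    if probe["expect"] in baseline_body:
        return None  # value is present without our input: inconclusive
    if probe["expect"] not in probed_body:
        return None  # input was dropped, encoded or reflected unchanged
    return {"check": probe["check"], "sent": probe["send"], "seen": probe["expect"],
            "raw_also_reflected": probe["send"] in probed_body}

# Constructed stand-ins for a target, so the example runs without a network.
def echo_app(value):
    return "<p>Results for: %s</p>" % value

def evaluating_app(value):  # mimics a template engine evaluating a*b
    m = re.fullmatch(r"(\d+)\*(\d+)", value)
    return echo_app(str(int(m.group(1)) * int(m.group(2))) if m else value)

def unescaping_app(value):  # mimics a layer that collapses \\ to \
    return echo_app(value.replace("\\\\", "\\"))

def scan(app, rng=random):
    """Send a harmless baseline, then each probe, and collect findings."""
    baseline = app("zqbaselinezq")
    findings = (assess(p, baseline, app(p["send"])) for p in make_probes(rng))
    return [f for f in findings if f]

if __name__ == "__main__":
    for app in (echo_app, evaluating_app, unescaping_app):
        print(app.__name__, scan(app))
```

A handler that reflects input verbatim produces no finding; only a response containing the transformed value, absent from the baseline, is reported.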