Skip to content
/ poi-slinger Public

Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan

42 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ricardojba/poi-slinger

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

117 Commits
img
img
 
 
res
res
 
 
src
src
 
 
test-extension
test-extension
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
genpayloads.sh
genpayloads.sh
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

GitHub release GitHub issues GitHub Downloads Github Stars GitHub Followers

PHP Object Injection Slinger

This is an extension for Burp Suite Professional, designed to help you scan for PHP Object Injection vulnerabilities on popular PHP Frameworks and some of their dependencies. It will send a serialized PHP Object to the web application designed to force the web server to perform a DNS lookup to a Burp Collaborator Callback Host.

Credits

The payloads for this extension are all from the excellent Ambionics project PHPGGC. PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically. You will need it for further exploiting any vulnerabilities found by this extension.

You should combine your testing with the PHP Object Injection Check extension from Securify so you can identify other possible PHP Object Injection issues that this extension does not pick up.

Build it

Build on Linux:

  • Alpine Linux (Edge)
  • OpenJDK 17.0.6+10-alpine-r0
  • Gradle 7.6

Build the extension on Alpine Linux:

  • Install Gradle and OpenJDK apk add gradle openjdk17
  • Clone the repository cd ~ && git clone https://github.com/ricardojba/poi-slinger && cd ~/poi-slinger/
  • Inside the cloned repository directory, build the Jar with gradle fatJar
  • Jar location ~/poi-slinger/build/libs/poi-slinger-all.jar

Build the extension on OSX:

  • Install Homebrew
  • After installing Homebrew run on a terminal brew install gradle openjdk17
  • Clone the repository cd ~ && git clone https://github.com/ricardojba/poi-slinger && cd ~/poi-slinger/
  • Inside the cloned repository directory, build the Jar with gradle fatJar
  • Jar location ~/poi-slinger/build/libs/poi-slinger-all.jar

Install it

Load the jar manually, in Burp Suite Pro, use Extender -> Extensions -> Add to load the jar file poi-slinger-all.jar You may find the built Jar on the bin directory of this repository. You can also install the extension in Burp Suite Pro, via Extender -> BApp Store -> PHP Object Injection Slinger.

NOTE: Be aware that the BApp Store official version is not being updated with the latest payloads.

Use it

On the Proxy/Target/Intruder/Repeater Tab, right click on the desired HTTP Request and click Send To POI Slinger. This will also highlight the HTTP Request and set the comment Sent to POI Slinger. You can watch the debug messages on the extension's output pane under Extender->Extensions -> PHP Object Injection Slinger

Test it

Check the PHP file on the test-extension directory and read the instructions contained in it, on how to host the file and use it to test this extension.

Example Report

Any findings will be reported as scan issues: alt tag

About

Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan

Topics

burp burp-plugin burpsuite burp-extensions burpsuite-pro burpsuitepro burpsuite-extender

Resources

Readme
Activity

Stars

42 stars

Watchers

2 watching

Forks

11 forks
Report repository

Releases 29

4.0 Latest
Sep 8, 2024
+ 28 releases

Packages

No packages published

Languages