Posts

Compiling and Running Burp Extensions

Prerequisite: you need to have a JDK and Burp installed on your system.

Create a working directory called "burp_extension" and create the source file "BurpExtender.java" in that directory. In this example, the source file contains both of the above classes. Create a directory called "burp" inside "burp_extension" and copy into it the interface source files provided by Burp (IBurpExtenderCallbacks, IMenuItemHandler, etc.). Your extension will look for these files in that path. Also make sure your "BurpExtender.java" file has this line to import the burp package:

    import burp.*;

Now compile BurpExtender.java using javac and create a jar file from both class files generated by the compilation:

    D:\burp_extension>"C:\Program Files\Java\jdk1.6.0_29\bin\javac.exe" BurpExtender.java
    D:\burp_extension>"C:\Program Files\Java\jdk1.6.0_29\bin\jar.exe" -cf burpextender.jar BurpExtender.class extendedMenuItem.class

Now, burpextender.jar has be...

Injecting Shellcodes into processes....

Some time ago, many security-focused sites and mailing lists were abuzz with the release of a new tool called ShellCodeExec, which can execute alphanumeric-encoded shellcode (as commonly generated with the Metasploit Framework). The link to the tool can be found here.

- Can be compiled and works on POSIX (Linux/Unices) and Windows systems.
- Can be compiled and works on 32-bit and 64-bit architectures.
- Works in DEP/NX-enabled environments: it allocates the memory page where it stores the shellcode as +rwx (Readable, Writable and eXecutable).
- It supports alphanumeric-encoded payloads: you can pipe your binary-encoded shellcode (generated, for instance, with Metasploit's msfpayload) to Metasploit's msfencode to encode it with the alpha_mixed encoder. Set the BufferRegister variable to the EAX register, where the address in memory of the shellcode will be stored, to avoid the get_pc() binary stub being prepended to the shellcode.
- Spawns a new thread where the shellcod...