As we've mentioned many times, the most important Burp Suite feature is the automation capability. As we will explore later on this book, we can create our own plugins to extend Burp Suite, or we can find a lot of extensions made by the community.
There is an extension called SHELLING, which is focused on the payload list creation for command injection attacks. We'll look at this more closely in the following section.
SHELLING is a plugin that is not available in the BApps Store, so you will need to go the GitHub to get it https://github.com/ewilded/shelling. Download the .jar
file and install it using the Extender
option in Burp Suite:
- After it is installed...