In this recipe, we will use Burp to exploit the Shellshock (CVE-2014-6271) vulnerability. If you haven't heard about the vulnerability, which is also known as the Bash bug, it was the GNU bash remote code execution vulnerability, which could allow an attacker to gain access over a target machine. Since is being widely used, this vulnerability had a huge attack surface and given the high severity and ease of exploit of this bug, it was one of the highest impact security issues identified in 2014; therefore, we decided to demonstrate how it can be exploited using Burp.
To step through this recipe, you will need the following:
- Kali Linux running in Oracle Virtualbox/VMware
- Docker installed and running in Kali
- An Internet connection