Shell plugin for Burp Suite: from OS Command injection to shell with tab-completion in Burp

I wrote a Burp Suite plugin that offers a shell-like environment right in Burp:

Burp Shell Demo

You can download the plugin here:

If some conditions are met, it will offer tab-completion, command history and persistence… just by leveraging an OS Command injection vulnerability and without the need to upload a web shell or create a bind or reverse shell.

I wrote an article on how it can be used. That same article also describes the methods used internally by the plugin to go from just an OS Command injection that has no persistence or tab-completion, to a shell that offers both. You can find it here:

Nice one!