Skip to content

1.4.1

Latest
Latest
Compare
Choose a tag to compare
@Ar3h Ar3h released this 05 Apr 09:50
· 2 commits to dc4dea7cf3cbcdb443f6b1bbbda373e44f2cc191 since this release
1.4.1
1a3c38f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

ChangeLog

Added

  1. Added partial fastjson payload generation capabilities and a Unicode-based WAF bypass technique by
    @xcxmiku. Reference article
  2. Display the User-Agent value of incoming HTTPServer requests.
  3. Introduced a file upload parameter type to facilitate the customization of binary bytecode files. Refer to the
    corresponding Gadget: BytecodeFromUploadFile.
  4. Introduced JmgCustomShellGadget, enabling the injection of custom memory shells.
  5. Added support for specifying the listening address through environment variables.

Changed

  1. Removed the comparatorType option from the CB chain.
  2. Parameter values in log outputs are now displayed with a maximum length of 200 characters.
  3. Fixed a concatenation error (#9).
  4. Improved the frontend display of "Choice" selection parameters.
  5. Fixed an exception related to custom bytecode.
  6. Improved the frontend display of preset chains.
  7. In download/save mode, the output format is automatically switched to Raw.

中文 CHANGELOG

https://github.com/vulhub/java-chains/blob/main/CHANGELOG.zh-cn.md

Start

Docker

docker run -d \
  --name java-chains \
  --restart=always \
  -p 8011:8011 \
  -p 58080:58080 \
  -p 50389:50389 \
  -p 50388:50388 \
  -p 3308:3308 \
  -p 13999:13999 \
  -p 50000:50000 \
  -p 11527:11527 \
  -e CHAINS_AUTH=true \
  -e CHAINS_PASS= \
  javachains/javachains:1.4.1

Jar

only support JDK8

java -jar java-chains-1.4.1.jar

Contributors

xcxmiku
Assets 5
Loading