
Plugin development guide

nil0x42 edited this page Jan 6, 2019 · 7 revisions

If you plan to develop a plugin for inclusion in a future release, please observe the following guidelines and conventions.


  • Write the Python side of the plugin in accordance with the PEP8 convention

    This makes the code easier for other users to read, and keeps it consistent with the framework's core (which follows the same coding style).

  • Never use a PHP function that appeared after PHP 4.3.0 in the payload

    According to recent statistics, PHP versions below 4.3.0 are extremely rare. Since the framework aims to work with most PHP web servers, remaining compatible with PHP 4.3.0 is the least we can do.

  • Prefer a small PHP payload and a bigger Python code.

    This way, the plugin maximises its chances of being correctly executed in a single request, even under drastic server limitations. Keep in mind that the Python plugin code (plugin.py) is executed on the attacker side, while the PHP payload (*.php) is dynamically loaded in HTTP requests and executed on the target server.


Special note:

Since the API documentation on the wiki is currently incomplete, consider reading existing plugins to see how they are implemented.

Phpsploit integrates a Python console, which is very useful for browsing the internal API:

phpsploit > corectl python-console

Phpsploit corectl: python console interpreter

>>> import api
>>> print(api.plugin.name)
plugin_example
>>> help(api)