• Stars
    star
    470
  • Rank 93,399 (Top 2 %)
  • Language
    Kotlin
  • License
    GNU General Publi...
  • Created about 3 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Log4Shell scanner for Burp Suite

Log4Shell scanner for Burp Suite

screenshot

Detailed description can be found in our blog post about this plugin, you can also ▢️ watch a recorded demonstration video. (There's also a bit longer video by @nu11secur1ty that also demonstrates setting up a vulnerable application.)

Note about detection capabilities: this plugin will only supply the built-in active scanner with payloads, thus for optimal coverage vs. performance, you'll have to configure your scan properly – just as with any other built-in or extension-provided scan. See #3 for detailed explanation regarding this matter.

Comparison

Feature Log4Shell scanner (this one) ActiveScan++ (b485a07)
Synchronous detection βœ”οΈ βœ”οΈ
Asynchronous detection βœ”οΈ ❌
Hostname detection βœ”οΈ ❌
Username detection βœ”οΈ ❌
Ability for single-issue scan (see below) βœ”οΈ ❌

Single-issue scan

If you'd like to scan only for Log4j (and not other things such as XSS or SQLi), this plugin makes it possible.

By following any of the instruction sets below, the scanner will only perform Log4Shell checks on all insertion points if the scan configuration created as a result is used.

The easiest way

Thanks to Hannah at PortSwigger for bringing this to our attention.

  1. When creating a new scan, click Select from library on the Scan configuration tab
  2. Pick Audit checks - extensions only which is built into Burp Suite Pro 2.x
  3. Disable every other extension (if applicable) that have an active scan check registered (such as ActiveScan++, Backslash powered scanning, Burp Bounty, etc.) so that only the Log4Shell scanner runs

The easy way

This is the version that's demonstrated in the above linked video.

  1. Save extensions-only.json to your machine
  2. From the leftmost Burp menu, select Configuration library
  3. Click Import on the right side of the window
  4. Select the location where you save the file in step 1.
  5. When creating a new scan, click Select from library on the Scan configuration tab
  6. Disable every other extension (if applicable) that have an active scan check registered (such as ActiveScan++, Backslash powered scanning, Burp Bounty, etc.) so that only the Log4Shell scanner runs

The manual way

This one used to be harder, but @alright21 made it much easier.

  1. Create a new Scan Configuration
  2. Expand Issues Reported
  3. Click on one of the issues to move the focus to that list
  4. Press Ctrl + A
  5. Right click on the list and click on Enabled, this will disable all issues
  6. Manually check the box at the last one called Extension generated issue to enable that
  7. Disable every other extension (if applicable) that have an active scan check registered (such as ActiveScan++, Backslash powered scanning, Burp Bounty, etc.) so that only the Log4Shell scanner runs

Building

Execute ./gradlew build and you'll have the plugin ready in build/libs/burp-log4shell.jar

License

The whole project is available under the GNU General Public License v3.0, see LICENSE.md.

More Repositories

1

burp-text4shell

Text4Shell scanner for Burp Suite
Kotlin
190
star
2

rsa_sign2n

Deriving RSA public keys from message-signature pairs
Python
180
star
3

sheep-wolf

Wolves Among the Sheep
C
145
star
4

burp-requests

Copy as requests plugin for Burp Suite
Java
106
star
5

burp-piper

Piper Burp Suite Extender plugin
Kotlin
100
star
6

burp-image-size

Image size issues plugin for Burp Suite
Java
92
star
7

wpc-ps

Windows Privesc Check - PowerShell
PowerShell
69
star
8

av-breaking

Bare Knuckled AV Breaking
59
star
9

duncan

Duncan - Blind SQL injector skeleton
Python
55
star
10

burp-uuid

UUID issues for Burp Suite
Java
48
star
11

DirBustErl

DirBuster successor in Erlang
Erlang
37
star
12

burp-json-jtree

JSON JTree viewer for Burp Suite
Java
37
star
13

burp-collab-gw

Simple socket-based gateway to the Burp Collaborator
Java
34
star
14

WebSphere-WSIF-gadget

CVE-2020-4464 / CVE-2020-4450
Java
33
star
15

ActiveScan3Plus

Modified version of ActiveScan++ Burp Suite extension
Python
31
star
16

zsca

Zero-trust SSH CA
Python
27
star
17

burp-pdml

PDML importer for Burp Suite
Java
27
star
18

sslproxy

Generic HTTPS proxy for logging non-HTTP traffic
Erlang
23
star
19

wpc

Windows Privesc Check
Python
21
star
20

burp-cfurl-cache

CFURL Cache inspector for Burp Suite
Java
18
star
21

damn-vulnerable-stateful-web-app

Short and simple vulnerable PHP web application that naΓ―ve scanners found to be perfectly safe
PHP
13
star
22

SemGWT

Semgrep rules to identify GWT attack surface
Python
10
star
23

eazfuscator.net-symbol-decrypter

Mass decryptor for Eazfuscator.net Symbol Names Encryption
Python
10
star
24

heureka

A toolset to assess the behavioral capabilities of AV/HIPS software
C++
8
star
25

burp-uniqueness

Uniqueness plugin for Burp Suite
Java
7
star
26

android-param-annotate

Android parameter annotator for Dalvik/Smali disassembly
Python
7
star
27

burp-commentator

Generates comments for selected request(s) based on regular expressions
Java
6
star
28

burp-git-version

Java
6
star
29

tickpredict

Predict the tick count of a remote ASP.NET application to achieve code execution
C#
5
star
30

xcoff-ghidra

Quick&Dirty XCOFF Loader for Ghidra
Java
5
star
31

crotch

Code Review on the Cheap
Python
5
star
32

burp-json-array

JSON Array issues plugin for Burp Suite
Java
4
star
33

burp-periscope

Quick scope settings for Burp Suite
Kotlin
4
star
34

nsmuggler

Little help to SQL/XSS smuggling
3
star
35

burp-asn1

ASN.1 toolbox for Burp Suite
Java
2
star
36

xcoff-ks

Kaitai Struct Declarations for XCOFF
Kaitai Struct
2
star
37

jms-codeql

CodeQL queries for JMS
CodeQL
2
star
38

SAVF

IBM i *PGM Save Files and their corresponding C sources
C
2
star
39

dhbrute

Brute force tool for poorly implemented Diffie-Hellman solutions
C++
1
star
40

mq-jms-spring

JMS Deserialization Vulnerabilities When Using Spring with IBM MQ
Java
1
star
41

ktool

experimental tool for storing/searching/converting RSA public keys
Python
1
star
42

simpli

Performs primitive Dalvik symbolic execution
Python
1
star
43

burp-ipv

Insertion point visualizer for Burp Suite
Kotlin
1
star
44

burp-sqlite-logger

SQLite logger for Burp Suite
Java
1
star