Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Log4jShell scanner removed? Does Active scan++ supports Log4jshell?

Shreyas | Last updated: Sep 18, 2023 05:55PM UTC

Hi, Any reason why Log4jShell scanner extension is removed from BApp Store? Also, since Log4jShell scanner removed, does for all the below variants are supported by Active scan++ Feature Log4Shell scanner (this one) ActiveScan++ (b485a07) Synchronous detection ✔️ ✔️ Asynchronous detection ✔️ ❌ Hostname detection ✔️ ❌ Username detection ✔️ ❌ Ability for single-issue scan (see below) ✔️ ❌ Thank you, Shreyas

Dominyque, PortSwigger Agent | Last updated: Sep 19, 2023 09:47AM UTC

Hi We removed the Log4jShell scanner extension from the BApp Store as it was triggering the anti-virus check. We did contact the author about this, but they haven't gotten back to us. You can still use the Log4jShell extension from GitHub if you would like: https://github.com/silentsignal/burp-log4shell. The functionality of the Active Scan++ is listed in the description: https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976.

Ben | Last updated: Nov 15, 2023 09:34PM UTC

Dominyque, the description in the BApp Store and the GitHub page for Active Scan++ is currently inaccurate, because one of the developers commented out the Log4Shell check back in July. See line 72 of activeScan++.py here: https://github.com/PortSwigger/active-scan-plus-plus/commit/b327b5e8fc5c1a9be27eb545428ec1c8ffc68e84

Dominyque, PortSwigger Agent | Last updated: Nov 16, 2023 07:50AM UTC