Burp Suite User Forum

Login to post

Log4Shell Scanner and Log4Shell Everywhere

Supraja | Last updated: Dec 21, 2021 01:29PM UTC

Hello Team, I tried to install Log4Shell Scanner and Log4Shell Everywhere extensions using BApp Store in Burp Extender to test the log4j vulnerability. I have tried the below process: 1. New Scan -> Scan details -> provided target URL which is vulnerable to lo4j 2. Scan configuration -> Add library -> Audit checks extensions only -> OK 3. Scan performed But log4j vulnerability is not detected and we wanted to know whether any step is missed in our process mentioned above to detect this vulnerability. Please suggest solution on this for us to reproduce and see whether lo4Shell Scanner is able to detect the lo4j vulnerability. Regards, Supraja

Uthman, PortSwigger Agent | Last updated: Dec 22, 2021 10:06AM UTC

You need to Log in to post a reply. Or register here, for free.