Burp Suite User Forum


Log4Shell Scanner & Log4Shell Everywhere

Saleem | Last updated: Dec 22, 2021 05:49AM UTC

Hi,

I configured the Log4Shell Scanner & Log4Shell Everywhere add-ons in my Burp Suite Professional to detect the log4j vulnerability. After the crawl & audit completed for the log4j-vulnerable application, I couldn't find the vulnerability. I also followed the steps below for a quick result, but unfortunately I couldn't get this issue.

1. Burp Suite Professional
2. Extender -> BApp Store
3. Installed -> Log4Shell Scanner & Log4Shell Everywhere Addon
4. Log4j Vulnerable app added to the scope
5. Selected Scan -> Open scan launcher
6. In Scan configuration -> Select from library -> Audit checks - extensions only
7. Ok to scan

Kindly do the needful on an immediate basis; I am very thankful for this.

Regards
Saleem Choudary

Alex, PortSwigger Agent | Last updated: Dec 22, 2021 10:37AM UTC

Saleem | Last updated: Jan 17, 2022 09:11AM UTC

Hi PortSwigger,

Could you please confirm whether the Log4Shell Scanner & Log4Shell Everywhere Burp Suite Pro add-ons are capable of identifying the other log4j vulnerabilities CVE-2021-44832, CVE-2021-45105 & CVE-2021-45046 along with CVE-2021-44228?

Regards
Saleem Choudary

Alex, PortSwigger Agent | Last updated: Jan 17, 2022 01:58PM UTC

Hi Saleem,

Looking at the documentation for each extension, it looks like only CVE-2021-44228 is addressed.

Please note that extensions are written by third-party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose. I would advise contacting the original BApp author to either clarify or request additional functionality.

Thanks

Saleem | Last updated: Jan 18, 2022 06:25AM UTC

Hi Alex,

Thanks for your response. Could you please provide us with the BApp author details so we can contact them & get clarity on the query?

Regards
Saleem Choudary

Alex, PortSwigger Agent | Last updated: Jan 18, 2022 08:50AM UTC

Hi Saleem,

I would recommend navigating to the original repo and selecting "Issues" - from there you can raise a new issue:

https://github.com/claranet-cybersecurity/Log4Shell-Everywhere
https://github.com/silentsignal/burp-log4shell
https://docs.github.com/en/issues/tracking-your-work-with-issues/about-issues

I hope that helps.

Thanks
