Burp Suite User Forum

Log4Shell Scanner & Log4Shell Everywhere

Saleem | Last updated: Dec 22, 2021 05:49AM UTC

Hi,

I configured the Log4Shell Scanner & Log4Shell Everywhere add-ons in my Burp Suite Professional to detect the log4j vulnerability. After the crawl & audit completed for the log4j-vulnerable application, I couldn't find the vulnerability. I also followed the steps below for a quick result; unfortunately, I couldn't get this issue.

1. Burp Suite Professional
2. Extender -> BApp Store
3. Installed -> Log4Shell Scanner & Log4Shell Everywhere add-on
4. Log4j vulnerable app added to the scope
5. Selected Scan -> Open scan launcher
6. In Scan configuration -> Select from library -> Audit checks - extensions only
7. OK to scan

Kindly do the needful on an immediate basis; I am very thankful for this.

Regards
Saleem Choudary

Alex, PortSwigger Agent | Last updated: Dec 22, 2021 10:37AM UTC

Saleem | Last updated: Jan 17, 2022 09:11AM UTC

Hi PortSwigger,

Could you please confirm whether the Log4Shell Scanner & Log4Shell Everywhere Burp Suite Pro add-ons are capable of identifying the other log4j vulnerabilities CVE-2021-44832, CVE-2021-45105 & CVE-2021-45046 along with CVE-2021-44228?

Regards
Saleem Choudary

Alex, PortSwigger Agent | Last updated: Jan 17, 2022 01:58PM UTC

Hi Saleem,

Looking at the documentation for each extension, it looks like only CVE-2021-44228 is addressed.

Please note that extensions are written by third-party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose. I would advise contacting the original BApp author to either clarify or request additional functionality.

Thanks
