The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Log4Shell Scanner & Log4Shell Everywhere

Saleem | Last updated: Dec 22, 2021 05:49AM UTC

Hi,

I configured the Log4Shell Scanner & Log4Shell Everywhere add-ons in my Burp Suite Professional to detect the Log4j vulnerability. After the crawl & audit completed for the Log4j-vulnerable application, I couldn't find the vulnerability. I also followed the steps below for a quick result; unfortunately, I couldn't get this issue.

1. Burp Suite Professional
2. Extender -> BApp Store
3. Installed -> Log4Shell Scanner & Log4Shell Everywhere add-on
4. Log4j vulnerable app added to the scope
5. Selected Scan -> Open scan launcher
6. In Scan configuration -> Select from library -> Audit checks - extensions only
7. OK to scan

Kindly do the needful on an immediate basis; I am very thankful for this.

Regards
Saleem Choudary

Alex, PortSwigger Agent | Last updated: Dec 22, 2021 10:37AM UTC

Saleem | Last updated: Jan 17, 2022 09:11AM UTC

Hi PortSwigger,

Could you please confirm whether the Log4Shell Scanner & Log4Shell Everywhere Burp Suite Pro add-ons are capable of identifying the other Log4j vulnerabilities CVE-2021-44832, CVE-2021-45105 & CVE-2021-45046, along with CVE-2021-44228?

Regards
Saleem Choudary

Alex, PortSwigger Agent | Last updated: Jan 17, 2022 01:58PM UTC

Hi Saleem, Looking at the documentation for each extension, it looks like only CVE-2021-44228 is addressed. Please note that extensions are written by third-party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose. I would advise contacting the original BApp author to either clarify or request additional functionality. Thanks

Saleem | Last updated: Jan 18, 2022 06:25AM UTC

Hi Alex,

Thanks for your response. Could you please provide us with the BApp author's details so that we can contact them & get clarity on the query?

Regards
Saleem Choudary

Alex, PortSwigger Agent | Last updated: Jan 18, 2022 08:50AM UTC