Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.
I am not responsible for your actions, burp-suite freezing, target getting hacked, thermonuclear war, or the current economic crisis caused by you following these directions. YOU are choosing to use this tool, and if you point your finger at me for messing anything up, I will LMAO at you.
- You need to have a burp project with pre-existing history, it replays requests with payloads.
- Add a DNS token from any service you prefer interact.sh, pipedream, canarytokens, dnslog.cn or burp collaborator.
- Either select one of the pre-defined payload or add a custom payload.
- Add custom payload as:
randomare place-holders, also remember NOT to add
}closing curly bracket.
- Select location for payload insertion, headers or parameters or both.
- For post-auth scanning add the complete cookie, auth header. Eg:
Authorization: Bearer ya29.m.CvkBAd1XLWYfLkuHFIuOYFCfcGI137rr...
- Hit Hack The Planet button.
Important instructions to remember:
- You’ll need Logger++ or Flow extension to trace the request triggering the DNS callback.
- Remember to add this extension above Logger++ or Flow to track all out going requests.
How to track callbacks:
- Payload triggering callback will contain a 6 character unique ID
- Example payload
ABC123will be the unique ID
- You can search for this ID in Logger++ or Flow to trace the request.
Build from source
./gradlew build fatJar
- Grab the jar file
- Download the latest jar from releases or build from source.
- Add the jar to Burp Suite.
If you like the project, please give the repo a star! <3
- For passive scanning:
- For active scanning:
13 December 2021 – v.0.1.0
- First public release
- CoreyD97 – https://github.com/CoreyD97