badsoho.blogg.se

Portswigger burp suite pro

Detailed description can be found in our blog post about this plugin. You can also ▶️ watch a recorded demonstration video.

Note about detection capabilities: this plugin will only supply the built-in active scanner with payloads, thus for optimal coverage vs. […] you have to configure your scan properly – just as with any other built-in or extension-provided scan. See #3 for detailed explanation regarding this matter.

Comparison feature: ability for single-issue scan (see below).

If you'd like to scan only for Log4j (and not other things such as XSS or SQLi), by following any of the instruction sets below, the scanner will only perform Log4Shell checks on all insertion points if the scan configuration created as a result is used.

Thanks to Hannah at PortSwigger for bringing this to our attention.

1. When creating a new scan, click Select from library on the Scan configuration tab.
2. Pick Audit checks - extensions only, which is built into Burp Suite Pro 2.x.
3. Disable every other extension (if applicable) that has an active scan check registered (such as ActiveScan++, Backslash powered scanning, Burp Bounty, etc.) so that only the Log4Shell scanner runs.

This is the version that's demonstrated in the above linked video.

1. Save extensions-only.json to your machine.
2. From the leftmost Burp menu, select Configuration library.
3. Click Import on the right side of the window.
4. Select the location where you saved the file in step 1.

This one used to be harder, but made it much easier.












