
Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability with custom payloads.

I am not responsible for your actions, burp-suite freezing, target getting hacked, thermonuclear war, or the current economic crisis caused by you following these directions. YOU are choosing to use this tool, and if you point your finger at me for messing anything up, I will LMAO at you.

Download the latest jar from releases or build from source. When building from source, grab the jar file build/libs/Log4J-Scanner-x.x.x.jar.

1. Install the extension either from pre-compiled releases or build from source.
2. Disable/Uncheck all other active scanning extensions like active scan++, burp bounty pro, param-miner etc.
3. From Top-Menu open settings of Log4J Scanner.
4. Add your custom payload and save settings.
5. Select your target > right-click > Scan.
6. Select Scan Configuration > Select from library.
7. Only select Audit checks - extensions only and hit OK button.

In your custom payload DO NOT add your collaborator url, just add [collaborator-server] as a placeholder. [collaborator-server] will be replaced by your collaborator server url itself.

Special thanks to Silent Signal, instructions and scan configurations are inspired from his extension.

Burp Bounty Pro is a Burp Suite Professional extension that improves the active and passive scanner by means of personalized rules through a very intuitive graphical interface. By an advanced search of patterns and an improvement of the payload to send, we can create our own vulnerability profiles both in the active scanner and in the passive.