Comments (3)
Just show me a single one that provides such an option that initiates an active scan on the current request focusing on the single vulnerability class targeted by the extension.
from burp-log4shell.
I'm sorry but given the current set of APIs available for Extender plugins, that's just plain impossible. Your code snippets hide the problematic part as `...` in `self._extender.doActiveScan(...);` as `IScannerCheck.doActiveScan` expects (and in most cases, including this plugin as well, uses) a second parameter with an insertion point (an object that implements `IScannerInsertionPoint`).
So first of all, `doActiveScan` is called not just for a single scan, but once for each insertion point. And there's just no API provided to actually get all those insertion points by an Extender plugin. Try searching for `IScannerInsertionPoint` in the Burp Extender API documentation and you'll find that your average plugin can only interact with such objects in three cases.
- You get one if you're a scanner check, just as I described above. This is how Active scan works, they call you, never the other way around.
- You provide such insertion points to the active scanner and it calls all the other scanner checks with those provided by you included in the set. Again, the data flow is unidirectional, you don't get to ask Burp to collect and provide those insertion points for you.
- You create one manually with `makeScannerInsertionPoint`, however, you have to figure out how to parse its location and what encoding to use. Even the official API documentation states: "It can be used to quickly create a simple insertion point based on a fixed payload location within a base request."
So AFAIK what you ask for is impossible, or to put it in another way, making it possible is just not worth it. You'd have to implement half of the built-in active scanner to implement the code that's already there, it's just inaccessible to your average extension. Another, contrived way would be doing such a version where the user has to select the part manually (like in Intruder) and specify encoding explicitly.
Please only reopen this if you have information that disproves any of the above. If you'd like to do the reimplementation part, feel free to submit a PR.
from burp-log4shell.
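The manual route from the third case above, as an added example that is not part of the thread or of burp-log4shell: a sketch that computes the byte offsets an extension would have to pass as `from` and `to` to `makeScannerInsertionPoint`, covering only URL query and form-encoded body parameters. The function names and the sample request are constructed for illustration; cookies, headers, JSON, XML, multipart bodies and per-location encoding are not handled here, and covering them is the reimplementation work the comment refers to.

```python
import re

def find_value_offsets(raw):
    """Return [(kind, name, start, end)] for URL-query and form-body values.

    start/end are byte offsets into the raw request, i.e. what would be
    passed as from/to when building a fixed-location insertion point.
    """
    points = []
    head_end = raw.find(b"\r\n\r\n")
    if head_end < 0:
        head_end = len(raw)
    line_end = raw.find(b"\r\n")
    request_line = raw[:line_end if line_end >= 0 else head_end]
    # Query string: from just after '?' to the space before the HTTP version.
    m = re.match(rb"\S+ (\S+) HTTP/\d", request_line)
    if m and b"?" in m.group(1):
        q_start = m.start(1) + m.group(1).index(b"?") + 1
        points += _pairs("url", raw, q_start, m.end(1))
    # Body: only application/x-www-form-urlencoded is understood here.
    headers = raw[:head_end].lower()
    if b"content-type: application/x-www-form-urlencoded" in headers:
        points += _pairs("body", raw, head_end + 4, len(raw))
    return points

def _pairs(kind, raw, start, end):
    """Split raw[start:end] on '&' and record where each value sits."""
    out = []
    pos = start
    while pos < end:
        amp = raw.find(b"&", pos, end)
        seg_end = amp if amp >= 0 else end
        eq = raw.find(b"=", pos, seg_end)
        if eq >= 0:  # parameters without '=' have no value to replace
            out.append((kind, raw[pos:eq].decode("latin-1"), eq + 1, seg_end))
        pos = seg_end + 1
    return out

# Constructed sample request (not taken from the page).
SAMPLE = (b"POST /search?q=shoes&page=2 HTTP/1.1\r\n"
          b"Host: shop.example\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 18\r\n\r\n"
          b"user=alice&lang=en")

if __name__ == "__main__":
    for kind, name, start, end in find_value_offsets(SAMPLE):
        print(kind, name, start, end, SAMPLE[start:end])
```

A JSON body yields no body offsets at all with this sketch, which shows how quickly the manual approach falls short of what the built-in scanner derives on its own.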