Skip to content

Releases: f0ng/log4j2burpscanner

0.19.1

17 Nov 02:44
@f0ng f0ng
0.19.1
3d818f6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.19.1

0.19.1

2022-11-17

  • add custom parameters dnsldaprmi to bypass waf

增加自定义参数dnsldaprmi以绕过waf,(原始参数为dns:,注意冒号也是需要的,可以根据需要自定义相应的参数)
感谢团队@Paper-Pen 师傅的建议
image

Contributors

Paper-Pen
Assets 5
Loading

0.19.0

02 May 07:15
@f0ng f0ng
0.19.0
2f283ea
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.19.0

0.19.0

2022-05-02

  • add polling dnslog query including active scanning and passive scanning

优化dnslog轮询查询,主动扫描、被动扫描都会进行dnslog的轮询查询

image

Assets 5
Loading

0.18.8

02 May 06:36
@f0ng f0ng
0.18.8
bf2309d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.18.8

0.18.8

2022-05-02

  • fix the problem that the vulnerability cannot be reported on the log4j2 RCE page
  • add polling dnslog query
  1. 修复之前版本造成的无法在log4j2 RCE页面报告漏洞的问题
  2. 增加轮询dnslog查询,轮询接口在被动扫描内,建议被动扫描常开,如果轮询发现有漏洞,将在插件加载页面报告,如下:

image

Assets 4
Loading

0.18.7

25 Apr 08:36
@f0ng f0ng
0.18.7
5ddb9a9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.18.7

0.18.7

2022-04-25

fix the two colons bug when check the isip box
fix the case where the request body has no payload when check the isip box

修复勾选了isip框后双冒号问题
修复勾选了isip框时请求体中没有payload的问题
#49 ,感谢 @NxStudy 师傅反馈

Contributors

NxStudy
Assets 4
Loading

0.18.6 update

18 Feb 08:54
@f0ng f0ng
0.18.6
75e578d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.18.6 update

0.18.6

2022-02-18

optimize X-Forwarded-For param problem

优化 X-Forwarded-For 参数问题,#45 ,感谢 @aetkrad 师傅反馈

Contributors

aetkrad
Assets 4
Loading

0.18.5 update

16 Feb 09:21
@f0ng f0ng
0.18.5
58e5943
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.18.5 update

0.18.5

2022-2-16

optimize send to log4j2 Scanner

优化send to log4j2 Scanner逻辑,原因在于之前版本的扫描逻辑为路径加上payload,请求体也会携带payload,导致请求体中的payload无意义;而正常路径的请求是正常请求体,该版本二者进行了互换

修复对fastjson 1.2.68的引用,更改为版本1.2.74,感谢师傅 @Abbylii 提醒

Contributors

Abbylii
Assets 4
Loading

0.18.4 update

11 Jan 05:46
@f0ng f0ng
0.18.4
58e5943
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.18.4 update

0.18.4

2022-1-11

fixed the case where a blank payload was added when the custom parameter was set to empty

when there are no custom parameters, no check box,add X-Forward-for payload

修复自定义参数置空还会添加空白payload情况,#42 感谢@9uoer 师傅反馈

优化无自定义参数、无勾选框情况为添加X-Forward-for payload

Contributors

9uoer
Assets 4
Loading

0.18.3 update

10 Jan 13:39
@f0ng f0ng
0.18.3
6c8e8ba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.18.3 update

0.18.3更新

2022-1-10

1.fix the default error displayed.the custom dnslog should be xxxx.xxx, the error displayed in previous versions ishttp://xxxx.xxx, http protocol needs to be excluded

2.add payload transmission with normal URI and normal request body (more adaptive)

3.delete the URL encoding under normal URI

1.修复了显示的默认错误,自定义dnslog应该为xxx.xxxx,之前版本显示错误为http://xxx.xxx,需要剔除http协议

2.加入uri正常、请求体正常的payload发送情况(更加适配),感谢大哥s神督促更新

3.删去正常uri下的URL 编码情况

image

Assets 4
Loading

0.18.2 update

07 Jan 06:07
@f0ng f0ng
0.18.2
6c8e8ba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.18.2 update

0.18.2 update

2022-1-7

fix the problem that the white list is empty without passive scanning

修复白名单置空不进行被动扫描问题,感谢@k-fire 师傅

Contributors

k-fire
Assets 4
Loading

0.18.1 update

06 Jan 07:59
@f0ng f0ng
0.18.1
beea068
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
0.18.1 update

0.18.1 update

2022-1-6

dns: change to dns${::-:}

dns:字段更改为dns${::-:},包含其他协议rmi${::-:}ldap${::-:}

Assets 4
Loading