Comments (12)

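f0ng commented on June 16, 2024

Thanks for the feedback.
Suggestion 1 will be addressed in a later release.
Suggestion 2 has already been fixed in minor release 0.15.3; I changed the earlier part, which was hard-coded, and after changing the earlier part I forgot about the later part.
Suggestion 3: I will consider narrowing the scope of the query.
Suggestion 4 will be considered for a later release. In real-world engagements, bypasses for jndi: are not very useful and instead tend to get you blocked, so cycling through jndi: bypasses and sending a request for each is not really suitable.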

from log4j2burpscanner.

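Chinakentgao commented on June 16, 2024

xxx.ceye.io support still has a problem: DNS has a record, but the plugin does not detect it. Also, after the first request is sent, testing again does not resend it. Changing the configuration does not trigger another request either; it has to be sent manually. Test target: http://d63bb2586.lab.aqlab.cn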

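f0ng commented on June 16, 2024

Thanks for the feedback; 0.15.4 fixes this issue. As for requests not being resent on a second test after the first: this plugin scans through the Passive interface, so if something was already scanned the first time, reloading the plugin will not scan it again; you need to restart Burp.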

f0ng commented on June 16, 2024

0.15 has too many bugs. Please wait until version 0.16 is out before making more suggestions; I am changing code in both versions at the same time and cannot keep up.

Chinakentgao commented on June 16, 2024

f0ng commented on June 16, 2024

Version 0.15.5 fixes the issue where ceye.io could not detect the vulnerability; the cause was that the code had been rolled back 😓

Chinakentgao commented on June 16, 2024

f0ng commented on June 16, 2024

Suggestion 1 has been implemented in version 0.16.

kN6jq commented on June 16, 2024

Could you change it so that users can choose the insertion points themselves, i.e. which fields get tested, such as GET, cookie, etc.?

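f0ng commented on June 16, 2024

Could you change it so that users can choose the insertion points themselves, i.e. which fields get tested, such as GET, cookie, etc.?

Currently, by default all GET parameters get the insertion; for cookies you can choose all or a single one, on the custom parameters page.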

f0ng commented on June 16, 2024

Suggestion 3 has been implemented in version 0.16.4.

f0ng commented on June 16, 2024

Currently it takes the first character of each path segment; for example, if the URI is "/login/uri/index.php", the dnslog requested is l.u.i.p.xxxx.ceye.io, which reduces the length.

from log4j2burpscanner.
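The path-tag scheme described in the last comment, as an added example that is not part of the original thread or the plugin's own code: it builds the shortened name, checks DNS length limits, and shows that the abbreviation is lossy, so one logged name can map back to several scanned URIs. Splitting on "." as well as "/" (to reproduce "l.u.i.p"), the "x" substitute character and all function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

MAX_NAME = 253   # DNS limit on a full hostname, in characters
MAX_LABEL = 63   # DNS limit on a single label


def path_tag(uri):
    """First character of every path component, joined with dots.

    Assumption: components are split on both '/' and '.', so that
    "/login/uri/index.php" gives "l.u.i.p" as in the comment above.
    """
    parts = [p for p in re.split(r"[/.]", urlsplit(uri).path) if p]
    # Keep only characters valid in a hostname label; substitute "x" otherwise.
    chars = [p[0].lower() if re.fullmatch(r"[A-Za-z0-9]", p[0]) else "x"
             for p in parts]
    return ".".join(chars)


def callback_name(uri, zone):
    """Hostname that identifies `uri` under the dnslog zone, length-checked."""
    tag = path_tag(uri)
    name = f"{tag}.{zone}" if tag else zone
    if len(name) > MAX_NAME or any(len(l) > MAX_LABEL for l in name.split(".")):
        raise ValueError(f"{name!r} exceeds DNS length limits")
    return name


def correlate(logged_name, scanned_uris, zone):
    """Scanned URIs whose tag matches a name seen in a dnslog record.

    More than one result means the one-character tags collided and the
    finding has to be confirmed per URI.
    """
    by_name = defaultdict(list)
    for uri in scanned_uris:
        by_name[callback_name(uri, zone)].append(uri)
    return by_name.get(logged_name.lower().rstrip("."), [])


# Constructed sample data; "xxxx.ceye.io" is the placeholder zone from the thread.
ZONE = "xxxx.ceye.io"
SCANNED = ["/login/uri/index.php", "/logout/user/info.php", "/api/v1/status"]
```

Here `correlate("l.u.i.p.xxxx.ceye.io", SCANNED, ZONE)` returns two URIs, which is the ambiguity the short tag introduces.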
