Merge pull request #1 from silentsignal/master

v0.2.2

README.md

@@ -3,7 +3,8 @@ Log4Shell scanner for Burp Suite
 
 ![screenshot](screenshot.png)
 
-Detailed description can be found [in our blog post about this plugin][1].
+Detailed description can be found [in our blog post about this plugin][1],
+you can also [▶️ watch a recorded demonstration video][3].
 
 Comparison
 ----------
@@ -26,11 +27,17 @@ By following any of the instruction sets below, the the scanner will only
 perform Log4Shell checks on all insertion points if the scan configuration
 created as a result is used.
 
+### The easiest way ###
+
+Thanks to Hannah at PortSwigger for bringing this to our attention.
+
+1. When creating a new scan, click `Select from library` on the `Scan configuration` tab
+2. Pick `Audit checks - extensions only` which is built into Burp Suite Pro 2.x
+3. Disable every other extension (if applicable) that have an active scan check registered (such as ActiveScan++, Backslash powered scanning, Burp Bounty, etc.) so that only the Log4Shell scanner runs
+
 ### The easy way ###
 
-Although it might seem that this one has two more items, step 3 of the
-harder way involves ticking 152 checkboxes in a box that only displays 16
-at a time.
+This is the version that's demonstrated in the above linked video.
 
 1. Save [`extensions-only.json`][2] to your machine
 2. From the leftmost `Burp` menu, select `Configuration library`
@@ -39,12 +46,17 @@ at a time.
 5. When creating a new scan, click `Select from library` on the `Scan configuration` tab
 6. Disable every other extension (if applicable) that have an active scan check registered (such as ActiveScan++, Backslash powered scanning, Burp Bounty, etc.) so that only the Log4Shell scanner runs
 
-### The harder way ###
+### The manual way ###
+
+This one used to be harder, but @alright21 made it much easier.
 
 1. Create a new `Scan Configuration`
 2. Expand `Issues Reported`
-3. Uncheck every single one of them except the last called `Extension generated issue`
-4. Disable every other extension (if applicable) that have an active scan check registered (such as ActiveScan++, Backslash powered scanning, Burp Bounty, etc.) so that only the Log4Shell scanner runs
+3. Click on one of the issues to move the focus to that list
+4. Press `Ctrl` + `A`
+5. Right click on the list and click on `Enabled`, this will disable all issues
+6. Manually check the box at the last one called `Extension generated issue` to enabled that
+7. Disable every other extension (if applicable) that have an active scan check registered (such as ActiveScan++, Backslash powered scanning, Burp Bounty, etc.) so that only the Log4Shell scanner runs
 
 Building
 --------
@@ -60,3 +72,4 @@ see `LICENSE.md`.
 
 [1]: https://blog.silentsignal.eu/2021/12/12/our-new-tool-for-enumerating-hidden-log4shell-affected-hosts/
 [2]: https://raw.githubusercontent.com/silentsignal/burp-log4shell/master/extensions-only.json
+[3]: https://vimeo.com/656095367/3642ba0859

build.gradle

@@ -18,8 +18,6 @@
 
 apply plugin: 'java'
 apply plugin: 'kotlin'
-apply plugin: 'com.google.protobuf'
-
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
 
@@ -31,7 +29,6 @@ buildscript {
  }
  dependencies {
  classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
- classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.5'
  }
 }
 
@@ -42,8 +39,6 @@ repositories {
 
 dependencies {
  compile "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
- compile "com.google.protobuf:protobuf-lite:3.0.0"
- compile "org.snakeyaml:snakeyaml-engine:1.0"
 
  compile 'net.portswigger.burp.extender:burp-extender-api:1.7.22'
  compile 'com.esotericsoftware:minlog:1.3'
@@ -52,43 +47,7 @@ dependencies {
 }
 
 jar {
- sourceSets {
- sourceSets.main.java.srcDirs += 'build/generated/source/proto/main/java'
- }
- from('src/main/yaml') {
- include('*.yaml')
- }
- from('static') {
- include('mime.pb')
- }
  from {
  configurations.compile.collect { it.isDirectory() ? it : zipTree(it) }
  }
 }
-
-protobuf {
- protoc { artifact = 'com.google.protobuf:protoc:3.0.0' }
- plugins {
- javalite {
- artifact = 'com.google.protobuf:protoc-gen-javalite:3.0.0'
- }
- }
- generateProtoTasks {
- all().each { task ->
- task.builtins {
- remove java
- }
- task.plugins {
- javalite { }
- }
- }
- }
-}
-
-sourceSets {
- main {
- java {
- srcDirs += file("${protobuf.generatedFilesBaseDir}/main/javalite")
- }
- }
-}