diff --git a/BappDescription.html b/BappDescription.html
index 4e395a2..19b11b9 100644
--- a/BappDescription.html
+++ b/BappDescription.html
@@ -1,26 +1,35 @@
-ActiveScan++ extends Burp Suite's active and passive scanning capabilities.
-Designed to add minimal network overhead, it identifies application behaviour that may be of interest to advanced testers:
+
+ ActiveScan++ extends active and passive scanning capabilities. Designed to add minimal network overhead, it
+ identifies application behavior that may be of interest to advanced testers.
+
+Features
- - Potential host header attacks (password reset poisoning, cache poisoning, DNS rebinding)
- - Edge side includes
- - XML input handling
- - Suspicious input transformation (eg 7*7 => '49', \x41\x41 => 'AA')
- - Passive-scanner issues that only occur during fuzzing (install the 'Error Message Checks' extension for maximum effectiveness)
+ - Detects potential host header attacks, including password reset poisoning, cache poisoning, and DNS rebinding
+
+ - Identifies Edge Side Includes and XML input handling vulnerabilities
+ - Discovers suspicious input transformations such as expression evaluation (7*7 → '49') and character
+ escaping (\x41\x41 → 'AA')
+ - Detects blind code injection via expression language, Ruby's
open(), and Perl's
+ open()
+ - Checks for specific CVEs including Shellshock (CVE-2014-6271, CVE-2014-6278), Struts vulnerabilities
+ (CVE-2017-5638, CVE-2018-11776), Solr injection (CVE-2017-12629), Log4Shell (CVE-2021-44228), Rails file
+ disclosure (CVE-2019-5418), and React2Shell (CVE-2025-55182, CVE-2025-66478)
+ - Identifies unicode processing issues that may bypass character blocklists
+ - Triggers passive scanner checks during active scanning to discover issues that only appear during fuzzing
+ - Provides insertion points for HTTP basic authentication testing
-It also adds checks for the following issues:
+Usage
+
+ - Run a standard active scan on your target
+ - The extension automatically performs all configured checks during the scan
+ - Review discovered issues in the scan results
+
-
- - Blind code injection via expression language, Ruby's open() and Perl's open()
- - CVE-2014-6271/CVE-2014-6278 'shellshock' and CVE-2015-2080, CVE-2017-5638, CVE-2017-12629, CVE-2018-11776
-
-
-It also provides insertion points for HTTP basic authentication.
-
-To invoke these checks, just run a normal active scan.
-
-The host header checks tamper with the host header, which may result in requests being routed to different applications on the same host.
-Exercise caution when running this scanner against applications in a shared hosting environment.
+
+ Note: The host header checks modify the host header, which may route requests to different applications on the same
+ host. Exercise caution when scanning applications in shared hosting environments.
+
-Copyright © 2014-2025 PortSwigger Ltd.
+
Copyright © 2014-2025 PortSwigger Ltd.
diff --git a/BappManifest.bmf b/BappManifest.bmf
index 86c0808..55132bc 100644
--- a/BappManifest.bmf
+++ b/BappManifest.bmf
@@ -2,8 +2,8 @@ Uuid: 3123d5b5f25c4128894d97ea1acc4976
ExtensionType: 1
Name: Active Scan++
RepoName: active-scan-plus-plus
-ScreenVersion: 2.0.7
-SerialVersion: 44
+ScreenVersion: 2.0.8
+SerialVersion: 49
MinPlatformVersion: 19
ProOnly: True
Author: James Kettle, PortSwigger
diff --git a/build.gradle b/build.gradle
index d8ab701..1cfdd55 100644
--- a/build.gradle
+++ b/build.gradle
@@ -8,7 +8,8 @@ repositories {
}
dependencies {
- //compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13'
+ // Minimum Burp version compatibility
+ //compileOnly 'net.portswigger.burp.extensions:montoya-api:2025.2'
implementation 'org.apache.commons:commons-text:1.9'
implementation files('bulkScan-all.jar') // this contains albinowaxUtils
}