Shellshock Burp Scanning

By Matthew Gill ·

The following is a Java plugin for the web proxy Burp designed to detect CVE-2014-6271, or shellshock, during active scans of web applications. Further versions of the shellshock vulnerability, e.g. CVE-2014-7169, are not detected by this plugin. These versions require an existing code execution exploit against the remote system to trigger, and are therefore not included.

Matthew Gill

Principal Consultant

Matthew Gill is a principal security consultant with Optiv's application security practice. In this role, he provides expertise in penetration testing, application assessment, code review and system architecture design.