Can we find Log4Shell with Java Fuzzing? 🔥
(CVE-2021-44228 - Log4j RCE)

In this video, I’m trying to find the famous java Log4Shell RCE (CVE-2021-44228) using fuzzing. I’m targeting apache log4j2 version 2.14.1 and I’m using Jazzer, the Java fuzzer developed by Code Intelligence. I will show and give you everything to reproduce the same at home 😉 Don’t forget to patch the log4j security vulnerability by switching to log4j2 version 2.15.0

NOTES

More about Log4Shell (CVE-2021-44228)

Modify Jazzer maven/bazel configs

log4j log4j2 rce log4shell java fuzzing library fuzz testing jazzer code intelligence maven
log4j log4j2 rce log4shell java fuzzing library fuzz testing jazzer code intelligence bazel

Create your fuzz target

log4j log4j2 rce log4shell java fuzzing library fuzz testing jazzer code intelligence harness

Run the fuzzer

log4j log4j2 rce log4shell java fuzzing library fuzz testing jazzer code intelligence run
log4j log4j2 rce log4shell java fuzzing library fuzz testing jazzer code intelligence harness log

You will get access of the complete tutorial with source code, cheat sheet and or complete video tutorial right below or at this address.

Introduction to Java fuzzing

I hope you will appreciate and you can discover more about my courses here.

Thank You,

Patrick Ventuzelo / @Pat_Ventuzelo

Twitter Linkedin-in Github

FREE Courses & Training

Enter your email and we'll send you a bundle of awesome resources. 100% free - 100% awesome.

Any questions about our services and trainings ?

Get in touch today with any questions that you might have.

Contact us