Tuesday, December 30, 2025

Burp Suite Supercharges Its Scanning Capabilities With React2Shell Vulnerability Detection

PortSwigger has leveled up Burp Suite’s scanning arsenal with the latest Active Scan++ extension, version 2.0.9, released on December 16, 2025.

This free BApp, authored by Director of Research James Kettle, now detects React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478), alongside a suite of other high-impact flaws.

Designed for penetration testers, it boosts both active and passive scanning while keeping network overhead low, making it ideal for thorough web app assessments without crashing targets.

Active Scan++ shines by spotting subtle application behaviors that evade basic scanners.

It runs automatically during standard Burp active scans, flagging issues in real time for quick review in the scan results.

Testers can download it directly from the BApp Store or GitHub for offline installation.

Key Detection Features

The extension packs a punch with targeted checks:

  • Host header attacks: Uncovers password reset poisoning, cache poisoning, and DNS rebinding, where the server trusts an attacker-controlled Host header (for example, when building absolute URLs for reset emails or cache entries).
  • Input handling flaws: Spots Edge Side Includes (ESI) and XML processing bugs that could lead to server-side request forgery or XXE attacks.
  • Suspicious transformations: Flags input changes like math expressions (e.g., “7*7” → “49”) hinting at evaluation sinks, or escapes (“\x41\x41” → “AA”) bypassing filters. It also detects blind code injections via EL, Ruby’s open(), or Perl’s open().
  • Named CVEs: Hunts specific bugs like Shellshock (CVE-2014-6271, CVE-2014-6278), Apache Struts (CVE-2017-5638, CVE-2018-11776), Solr injection (CVE-2017-12629), Log4Shell (CVE-2021-44228), Rails file disclosure (CVE-2019-5418), and the fresh React2Shell duo.
  • Advanced evasions: Identifies Unicode tricks dodging blocklists and triggers passive scans mid-fuzz to catch fuzz-only issues.
  • Auth testing: Adds insertion points for HTTP Basic Auth probes.

These features help pentesters chain findings, for example using a Host header manipulation as the pivot for a further attack. Caution is advised in shared hosting environments, where a modified Host header can route a request to a different tenant's application.

Easy Usage and Low Impact

Getting started is straightforward: Launch a standard active scan in Burp Suite, and Active Scan++ handles the rest.

No extra configuration is needed for the core checks. It has low system impact (minimal CPU, memory, and network use), which has earned it high ratings and popularity in the BApp Store.

This update equips security pros to counter evolving threats like React2Shell, ensuring Burp stays ahead in the cat-and-mouse game of web app testing.

Varshini
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging threats and technologies.
