Skip to content
This repository has been archived by the owner on Jul 13, 2022. It is now read-only.

Advanced Burp Suite Logging Extension

License

Notifications You must be signed in to change notification settings

cobalthq/LoggerPlusPlus

 
 

Repository files navigation

Logger++

Advanced Logging for Burp Suite

GitHub Workflow Status GitHub Watchers GitHub Stars GitHub All Releases GitHub License

Developed by Corey Arthur Twitter Follow
Original by Soroush Dalili Twitter Follow

Released as open source by NCC Group Plc - https://www.nccgroup.com/
Released under AGPL-3.0 see LICENSE for more information

Description

Logger++ is a multithreaded logging extension for Burp Suite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.

A built in grep tool allows the logs to be searched to locate entries which match a specified pattern, and extract the values of the capture groups.

To enable logs to be used in other systems, the table can also be uploaded to elasticsearch or exported to CSV.

Screenshots

Log Filters

Log Filters

Row Highlights

Row Highlights

Grep Search

Grep Panel

Usage

You can use this extension without using the BApp store. In order to install the latest version of this extension from the GitHub repository, follow these steps:

Step 1. Download the latest release jar .

Step 2. In Burp Suite, click on the "Extender" tab, then in the "Extensions" tab click on the "Add" button and select the downloaded "loggerplusplus.jar" file.

Step 3. You should now be able to see the "Logger++" tab in Burp Suite. If it cannot log anything, check your Burp Suite extension settings. If the save buttons are disabled, make sure that the requested libraries have been loaded successfully; Unload and then reload the extension and try again. If you have found an issue, please report it in the GitHub project.

Step 4. You can configure this extension by using its "option" tab and by right click on the columns' headers.

Step 5. If you like the project, give the repo a star! <3 Stargazers

Features:

  • Works with the latest version of Burp Suite (tested on 1.7.27)
  • Logs all the tools that are sending requests and receiving responses
  • Ability to log from a specific tool
  • Ability to save the results in CSV format
  • Ability to show results of custom regular expressions in request/response
  • User can customise the column headers
  • Advanced Filters can be created to display only requests matching a specific string or regex pattern.
  • Row highlighting can be added using advanced filters to make interesting requests more visible.
  • Grep through logs.
  • Live requests and responses.
  • Multiple view options.
  • Pop out view panel.
  • Multithreaded.

Current Limitations:

  • Cannot log the requests' actual time unless originating from proxy tool.
  • Cannot calculate the actual delay between a request and its response unless originating from proxy tool.

Reporting bugs:

If you have found an issue, please report it in the GitHub project.

Latest version:

Please review the "CHANGELOG"

Recommendations To avoid logging requests that are not relevant, it is recommended to check 'in scope items only' in the configuration section. Similarly, send only the fields you need (configurable with the exported fields)

Development

In case you want to check what would be received, you can start a local server with:

node app.js

And configure the exporter address http://localhost:3000

# app.js
const http = require('http');
const server = http.createServer();

server.on('request', (request, response) => {
    let body = [];
    request.on('data', (chunk) => {
        body.push(chunk);
    }).on('end', () => {
        body = Buffer.concat(body).toString();

	console.log(`==== ${request.method} ${request.url}`);
	console.log('> Headers');
        console.log(request.headers);

	console.log('> Body');
	console.log(body);
        response.end();
    });
}).listen(3000);

About

Advanced Burp Suite Logging Extension

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 99.8%
  • HTML 0.2%