Developed by Corey Arthur
Original by Soroush Dalili
Released as open source by NCC Group Plc - https://www.nccgroup.com/
Released under AGPL-3.0 see LICENSE for more information
Logger++ is a multithreaded logging extension for Burp Suite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.
A built in grep tool allows the logs to be searched to locate entries which match a specified pattern, and extract the values of the capture groups.
To enable logs to be used in other systems, the table can also be uploaded to elasticsearch or exported to CSV.
Log Filters
Row Highlights
Grep Search
You can use this extension without using the BApp store. In order to install the latest version of this extension from the GitHub repository, follow these steps:
Step 1. Download the latest release jar .
Step 2. In Burp Suite, click on the "Extender" tab, then in the "Extensions" tab click on the "Add" button and select the downloaded "loggerplusplus.jar" file.
Step 3. You should now be able to see the "Logger++" tab in Burp Suite. If it cannot log anything, check your Burp Suite extension settings. If the save buttons are disabled, make sure that the requested libraries have been loaded successfully; Unload and then reload the extension and try again. If you have found an issue, please report it in the GitHub project.
Step 4. You can configure this extension by using its "option" tab and by right click on the columns' headers.
Step 5. If you like the project, give the repo a star! <3
Features:
- Works with the latest version of Burp Suite (tested on 1.7.27)
- Logs all the tools that are sending requests and receiving responses
- Ability to log from a specific tool
- Ability to save the results in CSV format
- Ability to show results of custom regular expressions in request/response
- User can customise the column headers
- Advanced Filters can be created to display only requests matching a specific string or regex pattern.
- Row highlighting can be added using advanced filters to make interesting requests more visible.
- Grep through logs.
- Live requests and responses.
- Multiple view options.
- Pop out view panel.
- Multithreaded.
Current Limitations:
- Cannot log the requests' actual time unless originating from proxy tool.
- Cannot calculate the actual delay between a request and its response unless originating from proxy tool.
Reporting bugs:
If you have found an issue, please report it in the GitHub project.
Latest version:
Please review the "CHANGELOG"
Recommendations To avoid logging requests that are not relevant, it is recommended to check 'in scope items only' in the configuration section. Similarly, send only the fields you need (configurable with the exported fields)
In case you want to check what would be received, you can start a local server with:
node app.js
And configure the exporter address http://localhost:3000
# app.js
const http = require('http');
const server = http.createServer();
server.on('request', (request, response) => {
let body = [];
request.on('data', (chunk) => {
body.push(chunk);
}).on('end', () => {
body = Buffer.concat(body).toString();
console.log(`==== ${request.method} ${request.url}`);
console.log('> Headers');
console.log(request.headers);
console.log('> Body');
console.log(body);
response.end();
});
}).listen(3000);