You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Rasmus Moorats
535b2546c1
|
6 months ago | |
|---|---|---|
| ElasticBurp | 12 months ago | |
| JarShim/burp | 1 year ago | |
| .gitignore | 1 year ago | |
| LICENSE | 7 years ago | |
| README.md | 1 year ago | |
| WASEQuery.py | 1 year ago | |
| build-jar.sh | 1 year ago | |
| docker-compose.yml | 6 months ago | |
| queries.txt | 7 years ago | |
| requirements.txt | 1 year ago | |
README.md
ElasticBurp
Scared about the weak searching performance of Burp Suite? Are you missing possibilities to search in Burp? ElasticBurp combines Burp Suite with the search power of ElasticSearch.
Installation
- Install ElasticSearch and Kibana.
- Configure both - For security reasons it is recommend to let them listen on localhost:
- Set
network.host: 127.0.0.1in/etc/elasticsearch/elasticsearch.yml. - Set
host: "127.0.0.1"in/opt/kibana/config/kibana.yml.
- Install dependencies in the Jython environment used by Burp Extender with:
$JYTHON_PATH/bin/pip install -r requirements.txt - Load ElasticBurp.py as Python extension in Burp Extender.
Usage
See this blog article for usage examples.
WASEQuery
Search ElasticSearch indices created by WASE for
- responses with missing headers
- responses with missing parameters
- all values that were set for a header (e.g. X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy, ...)
...or do arbitrary search queries.
Invoke WASEQuery.py for help message. This blog article shows some examples for usage of WASEQuery.