|Rasmus Moorats 535b2546c1|
Scared about the weak searching performance of Burp Suite? Are you missing possibilities to search in Burp? ElasticBurp combines Burp Suite with the search power of ElasticSearch.
- Install ElasticSearch and Kibana.
- Configure both - For security reasons it is recommend to let them listen on localhost:
- Install dependencies in the Jython environment used by Burp Extender with:
$JYTHON_PATH/bin/pip install -r requirements.txt
- Load ElasticBurp.py as Python extension in Burp Extender.
See this blog article for usage examples.
Search ElasticSearch indices created by WASE for
- responses with missing headers
- responses with missing parameters
- all values that were set for a header (e.g. X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy, ...)
...or do arbitrary search queries.
Invoke WASEQuery.py for help message. This blog article shows some examples for usage of WASEQuery.