Push Burp requests to ElasticSearch
Thomas Patzke 2c2ba15326 ElasticBurp: open/create index depending on existence
Fixes appearance of error message when new index is created or on
initialization when index already exists.
2017-02-08 21:42:05 +01:00
.gitignore Repo cleanup 2016-07-10 23:44:39 +02:00
doc_HttpRequestResponse.py ElasticBurp: open/create index depending on existence 2017-02-08 21:42:05 +01:00
ElasticBurp.py ElasticBurp: open/create index depending on existence 2017-02-08 21:42:05 +01:00
LICENSE Initial commit 2016-03-02 23:43:21 +01:00
queries.txt Added query examples 2016-04-02 00:06:56 +02:00
README.md Updated README 2016-12-05 23:44:31 +01:00
test.py Initial Proof of Concept with test code 2016-02-20 15:15:13 +01:00
WASEHTMLParser.py Fixed merge of old code. 2016-06-17 00:34:36 +02:00
WASEProxy.py Fixed hanging WASEProxy issues 2016-10-10 23:31:48 +02:00
waseproxy.service Added systemd service unit file for WASEProxy 2016-10-14 23:37:17 +02:00
WASEQuery.py Fixed: --server parameter now working 2016-10-20 09:12:01 +02:00

WASE

WASE is short for Web Audit Search Engine. It is a framework for indexing the HTTP requests/responses captured during web application audits into an ElasticSearch instance and enriching them with useful data. The indexed data can then be searched and aggregated with ElasticSearch queries or with Kibana.

Currently WASE contains the following parts:

  • doc_HttpRequestResponse.py: a library that implements the DocHTTPRequestResponse class. This class is an elasticsearch_dsl-based storage class for HTTP requests/responses (derived from Burp's data structures and API).
  • ElasticBurp: a Burp plugin that feeds requests/responses into ElasticSearch.

ElasticBurp

Frustrated by the weak search performance of Burp Suite? Missing search capabilities in Burp? ElasticBurp combines Burp Suite with the search power of ElasticSearch.

Installation

  1. Install ElasticSearch and Kibana.
  2. Configure both. For security reasons it is recommended to let them listen on localhost only:
  • Set network.host: 127.0.0.1 in /etc/elasticsearch/elasticsearch.yml.
  • Set host: "127.0.0.1" in /opt/kibana/config/kibana.yml.
  3. Load ElasticBurp.py as a Python extension in Burp Extender.
  • The setting Folder for loading modules in Extender Options must be set to the WASE source root (so that doc_HttpRequestResponse can be imported).
  • tzlocal, elasticsearch and elasticsearch_dsl must be installed in the Jython/Python environment used by Burp. It is important that the packages are installed with the pip from the Jython binary directory.

Currently there seem to be incompatibilities with the new Python Elasticsearch packages. Specify the 2.2 version when installing with pip: $JYTHON_HOME/bin/pip install elasticsearch_dsl==2.2

Usage

See this blog article for usage examples.

WASEProxy

A generic intercepting HTTP(S) proxy server that stores extracted data into an ElasticSearch index.

WASEQuery

Search ElasticSearch indices created by WASE for

  • responses with missing headers
  • responses with missing parameters
  • all values that were set for a header (e.g. X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy, ...)

...or do arbitrary search queries.

Invoke WASEQuery.py for the help message. This blog article shows some usage examples for WASEQuery.
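The two checks listed above (responses missing a header, and all values seen for a header) as an added example, not WASE's or WASEQuery's own code: each check is expressed once as the Elasticsearch query body it would be sent as, and once as a local function run over constructed sample documents so the logic is visible offline. The document shape (request.url, a nested response.headers list of name/value objects) is an assumption for illustration; the real mapping in doc_HttpRequestResponse.py may differ.

```python
"""Added example: WASEQuery-style checks over indexed HTTP responses.
The field names below are ASSUMED, not taken from WASE's mapping."""
from collections import Counter

# Constructed sample documents in the assumed shape. Header names are
# stored lower-cased, as a real indexer should normalise them.
SAMPLE_DOCS = [
    {"request": {"url": "https://example.test/"},
     "response": {"headers": [
         {"name": "content-type", "value": "text/html"},
         {"name": "x-frame-options", "value": "DENY"}]}},
    {"request": {"url": "https://example.test/api"},
     "response": {"headers": [
         {"name": "content-type", "value": "application/json"},
         {"name": "x-frame-options", "value": "SAMEORIGIN"},
         {"name": "x-content-type-options", "value": "nosniff"}]}},
    {"request": {"url": "https://example.test/old"},
     "response": {"headers": [
         {"name": "content-type", "value": "text/html"}]}},
]


def missing_header_query(header):
    """Elasticsearch body selecting responses that carry no header of this
    name. Assumes response.headers is a nested field, so the term query must
    be wrapped in a nested query on that path."""
    return {"query": {"bool": {"must_not": {"nested": {
        "path": "response.headers",
        "query": {"term": {"response.headers.name": header.lower()}}}}}}}


def header_values_query(header):
    """Elasticsearch body aggregating every value seen for this header.
    The filter lives inside the nested aggregation so that only the named
    header's values are counted, not all header values of matching docs."""
    return {"size": 0, "aggs": {"hdr": {
        "nested": {"path": "response.headers"},
        "aggs": {"named": {
            "filter": {"term": {"response.headers.name": header.lower()}},
            "aggs": {"values": {"terms": {
                "field": "response.headers.value"}}}}}}}}


def _header_names(doc):
    return {h["name"].lower() for h in doc["response"]["headers"]}


def responses_missing_header(docs, header):
    """Local equivalent of missing_header_query: URLs whose response lacks
    the header. Useful for spotting endpoints without e.g. X-Frame-Options."""
    want = header.lower()
    return [d["request"]["url"] for d in docs if want not in _header_names(d)]


def header_value_counts(docs, header):
    """Local equivalent of header_values_query: value -> number of responses
    that set it. Inconsistent values across endpoints show up immediately."""
    want = header.lower()
    counts = Counter()
    for d in docs:
        for h in d["response"]["headers"]:
            if h["name"].lower() == want:
                counts[h["value"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for hdr in ("X-Frame-Options", "X-Content-Type-Options"):
        print(hdr, "missing on:", responses_missing_header(SAMPLE_DOCS, hdr))
        print(hdr, "values:", header_value_counts(SAMPLE_DOCS, hdr))
```

The query bodies are what a client such as elasticsearch-py would send as the request body; the local functions exist only to make the expected result checkable without a running ElasticSearch.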