Burp Issues for All!
Bug Diaries is a Burp extension that implements an issue tracker for the community edition of Burp.
It is heavily under development but the master branch should be working.
- Setup Jython in Burp.
- Clone the repository.
- Load
bug-diaries.py
in Burp. - Navigate to the
Bug Diaries
tab.
- Right click on any request and select
Add Custom Issue
.- Every tab that supports context menus in Burp works. E.g., Target, Proxy, and Repeater.
- A new frame pops up with the request, response, host, and path (based on the request), already populated.
- Set a name for your issue.
- Optionally, select a template. The template will overwrite description,
remediation, and add the CWE number and name to the issue name.
- See below on how to customize it.
- Press
Save
. - The issue will be added to the
Bug Diaries
tab.
- In the
Bug Diaries
tab, select any issue. - The details will be populated in the panel.
- Double click on any issue, in the
Bug Diaries
tab. - A new frame will pop-up that allows editing.
- Edit the issue and press
Save
. - Modified issue will be displayed in the table.
Bug Diaries supports exporting issues to JSON. Request and responses are stored in base64.
- In the
Bug Diaries
tab clickExport
. - Select a file in the dialog. By default, only
.json
files are displayed.- The extension remembers your last used directory.
- The extension does not warn you if a file already exists.
- Issues will be exported in JSON format to the file.
The JSON file can be imported again.
Note: Importing will overwrite current issues.
- In the
Bug Diaries
tab clickImport
. - Select the file with exported issues.
- Issues are not populated in the table. As mentioned above, current items in the table are overwritten.
A lot. See the Issues
tab. I am currently working on creating the context menu
for sending the requests to other Burp tabs. Unfortunately, it does not work. If
I cannot debug it, I will probably rewrite the extension in Java.
Please make a github issue.
GPLv3, see LICENSE for details. I will probably switch to MIT later.