= burpdot

burpdot is a quickly hacked together Ruby script to convert Burp log files into simple Graphviz DOT files.

Download the ruby file and run with:

  ./burpdot.rb -i burplogfile.log -o burp.dot

You can then process these files into graphic files using Graphviz tools, such as neato or sfdp:

  sfdp -v -Tpng -O burp.dot

The alternative is to just pipe the output of burpdot directly into Graphviz:

  ./burpdot.rb -i burplogfile.log | sfdp -v -Tpng -o burp.png

I've had the most luck with sfdp, as I've had neato freeze up on me, or take an extraordinary amount of time. You can read more about these tools here:

http://www.graphviz.org/

With the new "csv" mode you can pipe burpdot's output through Afterglow into Graphviz (using the supplied burp.properties color file):

  ./burpdot.rb -i burplogfile.log -m csv | ./afterglow.pl -t -c burp.properties | \
  neato -v -Tpng -Gnormalize=true -Gsplines=true -Goverlap=vpsc -o burp.png

Because overlap settings aren't set by Afterglow, I've specified them using Graphviz's -G option. Afterglow requires the -t option because the CSV only has 2 columns instead of 3.

= burpweb

As of version 0.5, burpdot now has "burpweb", a web based interface that creates graphics from Burp log files (as long as the dependencies are there).

Some of the dependencies:

1) You'll need to download the excellent Afterglow tool from http://afterglow.sourceforge.net/ and copy the afterglow.pl file (located in afterglow/src/perl/graph) into burpdot's root folder
2) You'll also need to install Graphviz such that neato is in your PATH (if you install it properly it should be there already)
3) Get some gems into ya: parseconfig, dm-core, dm-migrations, dm-aggregates, dm-sqlite-adapter, builder

Once you have all the dependencies it's simple to start:

  ./burpweb.rb

By default, burpweb will listen on 127.0.0.1:8015, but you can edit these options in burpweb.cfg. Think twice before binding it to anything other than the loopback address: the Burp logs it consumes contain full captured requests, including session cookies and credentials.

For a quick demo see:

http://www.youtube.com/watch?v=rrBnAWE2fuw

Known issues:

1. When you zoom on the visualisation (with the scroll wheel or click) you lose your position

== Options

Mode
Burpdot now has 3 primary modes of operation: output in DOT syntax (with very limited formatting), output in a "ref,url" CSV format, or output of the data into a SQLite DB file. CSV mode is particularly important for parsing these files with Afterglow. Mode is specified by the -m option. By default the option is "dot"; if you specify "csv" then a CSV is either printed to the screen or saved to a file (with the -o option), and if you specify "sqlite" you MUST specify an output file with the -o option. If the mode is set to CSV then the overlap option (-l) is ignored. You can download and read more about Afterglow here:

http://afterglow.sourceforge.net/

Output
If you don't specify an -o option, burpdot will simply print the output to screen. This allows you to quickly confirm that it contains the data you want, or to pipe it through another command line tool, such as Afterglow.

Overlap
When in "dot" mode, you can also set the -l option. The -l option, or Overlap mode, specifies the Graphviz method for ensuring that nodes within the visualisation do not overlap. By default, the dot file is set for orthoyx, which means that overlaps are removed by optimizing two constraint problems, one for the y axis and one for the x. There are other options available for overlap removal, which you can review here:

http://www.graphviz.org/doc/info/attrs.html#d:overlap

Depth
You can specify the "depth" of data extracted from Burp's logs, setting the -d option to either 0, 1, 2 or 3.
Depth 0: Just extract domain information.
Depth 1: Extract domain and path information, excluding the file, so grouped by folders *New as of 0.5.1
Depth 2: Extract domain and path information (this is the default setting if no depth is specified)
Depth 3: Extract domain, path and query string information.
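
The following Ruby is an added example, not burpdot's own code: it reduces referer/URL pairs to node labels at each of the four depths above and emits the same edge list either as "dot" mode output (carrying the -l overlap setting) or as the two-column "ref,url" CSV that Afterglow's -t option expects. The Burp log format itself is not parsed here; the pairs are constructed sample data standing in for parsed log entries, and all function names are the example's own.

```ruby
require 'uri'
require 'csv'

# Added example, not burpdot's own code. Reduces a URL to the node label the
# -d depth levels describe: 0 = host, 1 = host + folders (file dropped),
# 2 = host + full path, 3 = host + path + query string.
def node_label(url, depth)
  u = URI.parse(url)
  path = u.path.empty? ? '/' : u.path
  case depth
  when 0 then u.host
  when 1 then u.host + path.sub(%r{[^/]*\z}, '')   # drop the trailing file name
  when 2 then u.host + path
  when 3 then u.host + path + (u.query ? "?#{u.query}" : '')
  else raise ArgumentError, 'depth must be 0, 1, 2 or 3'
  end
end

# Collapse ref/url pairs to unique edges at the chosen depth.
def edges(pairs, depth)
  pairs.map { |ref, url| [node_label(ref, depth), node_label(url, depth)] }.uniq
end

# Logged URLs come from arbitrary web traffic, so quote-escape them before
# they land inside a DOT string literal.
def dot_escape(s)
  s.gsub(/["\\]/) { |c| "\\#{c}" }
end

# "dot" mode: a digraph carrying the -l overlap setting (orthoyx by default).
def to_dot(pairs, depth, overlap = 'orthoyx')
  lines = ['digraph burp {', "  overlap=#{overlap};"]
  edges(pairs, depth).each { |a, b| lines << %(  "#{dot_escape(a)}" -> "#{dot_escape(b)}";) }
  lines << '}'
  lines.join("\n")
end

# "csv" mode: two columns (ref,url), which is why Afterglow needs -t.
def to_csv(pairs, depth)
  edges(pairs, depth).map { |e| CSV.generate_line(e) }.join
end

# Constructed sample pairs standing in for entries parsed from a Burp log.
SAMPLE_PAIRS = [
  ['https://app.example/login', 'https://app.example/account/profile?id=7'],
  ['https://app.example/login', 'https://app.example/account/settings'],
  ['https://app.example/account/profile?id=7', 'https://cdn.example/js/app.js']
].freeze
puts to_dot(SAMPLE_PAIRS, 1) if $PROGRAM_NAME == __FILE__
```

Pipe the DOT text into neato or sfdp exactly as with burpdot's own output; at depth 0 the three sample pairs collapse to two host-level edges.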
== Usage

  Usage: ./burpdot.rb [options]

  Specific Options:
      -h, --help                       Show help
      -i <burp log file>               Input: The Burp Log File
      -l <overlap mode>                Overlap: DOT file overlap mode. Defaults to 'orthoyx'
      -o <output file>                 Output: The output file
      -m <mode>                        Mode: either dot, csv or sqlite. Defaults to dot
      -v, --version                    Show version
      -d, -d <depth>                   Depth: 0, 1, 2 or 3. Defaults to 2

  Example Overlap modes: 'scale', 'prism', 'vpsc', 'orthoyx'
  See http://www.graphviz.org/doc/info/attrs.html#d:overlap for more information

Overlap is only used in "dot" mode.

== Graphviz Tips

So yeah, the Graphviz set of tools is quite the monster and I'm not going to pretend I understand it all. To get the best looking graphs, assuming you're going through Afterglow, I've had the most luck with the following incantations:

  neato -v -Tpng -Gnormalize=true -Gsplines=true -o burp.png

This gives you a fairly tight grouping of nodes, but you should be able to identify busy nodes quite easily.

  neato -v -Tpng -Gnormalize=true -Gsplines=true -Goverlap=vpsc -o burp.png

This uses the vpsc overlap mode, which seems to be good at keeping the graphic tight, but with minimal (if any) overlaps. This is still likely to generate large images though.

In both of the above examples I've set splines to true, which makes the lines weave and look a bit nicer; you can get rid of that option if you wish.

== History

Version 0.5.1 of burpdot, released on 10th of August 2011.
- Minor revision to modify the depth settings
- You can now just list folders, excluding files.
- Watch out if you were used to the old depth settings, these have changed slightly.

Version 0.5 of burpdot, released on 7th of June 2011.
- Minor back end changes to import and sqlite output
- First release incorporating BurpWeb

Version 0.4 of burpdot, released on 7th of April 2011.
- The import methods now capture the verb (GET or POST)
- New "depth" option
- Can output into an SQLite DB file
- Changed default "DOT" mode sort to vpsc
- Updated tips and tricks for overlapping optimisation (awesomeisation)

Version 0.3 of burpdot, released on the 31st of March 2011.
- The burpdot.rb file should function identically to 0.2
- Split out some of the logic into separate modules, files, classes etc
- This is primarily to allow for future output extensions, such as databases

Version 0.2 of burpdot, released on the 29th of March 2011.
- Now has "mode" option, either set to "dot" or "csv"
- Comes with a simple "burp.properties" color file for Afterglow

Version 0.1 of burpdot, released on the 19th of March 2011.

== License

Copyright 2011 Christian Frichot

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

== Other links

Burp Suite is available from:

http://www.portswigger.net/

Graphviz is available from:

http://www.graphviz.org/

Afterglow is available from:

http://afterglow.sourceforge.net/

You can contact Christian at:

http://un-excogitate.org/
https://twitter.com/xntrik
