burpdot is a quickly hacked together Ruby script to convert Burp log files into simple Graphviz DOT files.
Download the ruby file and run with:
./burpdot.rb -i burplogfile.log -o burp.dot
You can then process these files into graphic files using Graphviz tools, such as neato or sfdp:
sfdp -v -Tpng -O burp.dot
The alternative is to just pipe the output of burpdot directly into Graphviz:
./burpdot.rb -i burplogfile.log | sfdp -v -Tpng -o burp.png
I've had most luck with sfdp, as I've had neato freeze up on me, or take an extraordinary amount of time. You can read more about these tools here:
With the new “csv” mode you can pipe burpdot's output through afterglow into graphviz (using the supplied burp.properties color file):
./burpdot.rb -i burplogfile.log -m csv | ./afterglow.pl -t -c burp.properties | \ neato -v -Tpng -Gnormalize=true -Gsplines=true -Goverlap=vpsc -o burp.png
Because overlap settings aren't set by afterglow, I've specified them using the -G option. Afterglow requires the -t option because the CSV only has 2 columns instead of 3.
As of version 0.5, burpdot now has “burpweb”, which is a web based interface to create (as long as the dependencies are there) graphics from burp log files.
Some of the dependancies:
1) You'll need to download the excellent Afterglow tool from http://afterglow.sourceforge.net/ and copy the afterglow.pl file (located in afterglow/src/perl/graph) into burpdot's root folder 2) You'll also need to install Graphviz such that neato is in your PATH (if you install it properly it should be there already) 3) Get some gems into ya: parseconfig, dm-core, dm-migrations, dm-aggregates, dm-sqlite-adapter, builder
Once you have all the dependancies it's simple to start:
By default, burpweb will listen on 127.0.0.1:8015, but you can edit these options in burpweb.cfg
For a quick demo see:
1. When you zoom on the visualisation (with the scroll wheel or click) you lose your position
Burpdot now has 3 primary modes of operation, either output in DOT syntax (with very limited formatting), or output in a “ref,url” CSV format, or output the data into a SQLite DB file. CSV mode is particular important for parsing these files with Afterglow. Mode is specified by the -m option. By default the option is “dot”, but if you specify “csv” then a CSV is either printed to the screen or saved to a file (with the -o option), or “sqlite” (If you use sqlite, you MUST specify an output file with the -o option). If the mode is set to CSV then the overlap option (-l) is ignored. You can download and read more about Afterglow here:
If you don't specify an -o option, burpdot will simply print the output to screen. This allows you to quickly confirm that it contains data you want, or perhaps you want to pipe it through another command line tool, such as Afterglow.
When in “dot” mode, you can also set the -l option. The -l option, or Overlap mode, specifies the Graphviz method for ensuring that nodes within the visualisation do not overlap. By default, the dot file is set for orthoyx, which means that overlaps are moved by optimizing two constraint problems, one for the y axis and one for the x. There are other options available for overlap removal, which you can review here:
You can specify the “depth” of data extracted from Burp's logs, setting the -d option to either 0, 1, 2 or 3. Depth 0: Just extract domain information. Depth 1: Extract domain and path information, excluding the file, so grouped by folders *New as of 0.5.1 Depth 2: Extract domain and path information (this is the default setting if no depth is specified) Depth 3: Extract domain, path and query string information.
Usage: ./burpdot.rb [options] Specific Options: -h, --help Show help -i <burp log file> Input: The Burp Log File -l <overlap mode> Overlap: DOT file overlap mode. Defaults to 'orthoyx' -o <output file> Output: The output file -m <mode> Mode: either dot, csv or sqlite. Defaults to dot -v, --version Show version -d, -d <depth> Depth: 0, 1, 2 or 3. Defaults to 2 Example Overlap modes: 'scale', 'prism', 'vpsc', 'orthoyx' See http://www.graphviz.org/doc/info/attrs.html#d:overlap for more information Overlap is only used in "dot" mode.
So yeah, the Graphviz set of tools is quite the monster and I'm not going to pretend I understand it all. To get the best looking graphs, assuming you're going through Afterglow, I've had the most luck with the following incantations:
neato -v -Tpng -Gnormalize=true -Gsplines=true -o burp.png
This gives you a fairly tight grouping of nodes, but you should be able to identify busy nodes quite easily.
neato -v -Tpng -Gnormalize=true -Gsplines=true -Goverlap=vpsc -o burp.png
This uses the vpsc overlap mode, which seems to be good at keeping the graphic tight, but with minimal (if any) overlaps. This is still likely to generate large images though.
In both of the above examples I've set splines to true, which makes the lines weave and look a bit nicer, you can get rid of that option if you wish.
Version 0.5.2 of burpdot, released on 20th of August 2011.
- Minor revision to handle referrers a little bit better - Also now defaults to depth 1 for burpweb - NB: Burpweb doesn't seem to work nice with Ruby 1.9, so at this point we recommend running Burpdot and Burpweb with Ruby 1.8
Version 0.5.1 of burpdot, released on 10th of August 2011.
- Minor revision to modify the depth settings - You can now just list folders, excluding files. - Watch out if you were used to the old depth settings, these have changed slightly.
Version 0.5 of burpdot, released on 7th of June 2011.
- Minor back end changes to import and sqlite output - First release incorporating BurpWeb
Version 0.4 of burpdot, released on 7th of April 2011.
- The import methods now capture the verb (GET or POST) - New "depth" option - Can output into an SQLite DB file - Changed default "DOT" mode sort to vpsc - Updated tips and tricks for overlapping optimisation (awesomeisation)
Version 0.3 of burpdot, released on the 31st of March 2011.
- The burpdot.rb file should function identically to 0.2 - Split out some of the logic into separate modules, files, classes etc - This is primarily to allow for future output extensions, such as databases
Version 0.2 of burpdot, released on the 29th of March 2011.
- Now has "mode" option, either set to "dot" or "csv" - Comes with a simple "burp.properties" color file for Afterglow
Version 0.1 of burpdot, released on the 19th of March 2011.
Copyright 2011 Christian Frichot Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Burp Suite is available from:
Graphviz is available from:
Afterglow is available from:
You can contact Christian at: