Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 179 lines (109 sloc) 7.926 kb

burpdot

burpdot is a quickly hacked together Ruby script to convert Burp log files into simple Graphviz DOT files.

Download the ruby file and run with:

./burpdot.rb -i burplogfile.log -o burp.dot

You can then process these files into graphic files using Graphviz tools, such as neato or sfdp:

sfdp -v -Tpng -O burp.dot

The alternative is to just pipe the output of burpdot directly into Graphviz:

./burpdot.rb -i burplogfile.log | sfdp -v -Tpng -o burp.png

I've had most luck with sfdp, as I've had neato freeze up on me, or take an extraordinary amount of time. You can read more about these tools here:

http://www.graphviz.org/

With the new “csv” mode you can pipe burpdot's output through afterglow into graphviz (using the supplied burp.properties color file):

./burpdot.rb -i burplogfile.log -m csv | ./afterglow.pl -t -c burp.properties | \
neato -v -Tpng -Gnormalize=true -Gsplines=true -Goverlap=vpsc -o burp.png

Because overlap settings aren't set by afterglow, I've specified them using the -G option. Afterglow requires the -t option because the CSV only has 2 columns instead of 3.

burpweb

As of version 0.5, burpdot now has “burpweb”, which is a web based interface to create (as long as the dependencies are there) graphics from burp log files.

Some of the dependancies:

1) You'll need to download the excellent Afterglow tool from http://afterglow.sourceforge.net/ and copy the afterglow.pl file (located in afterglow/src/perl/graph) into burpdot's root folder
2) You'll also need to install Graphviz such that neato is in your PATH (if you install it properly it should be there already)
3) Get some gems into ya: parseconfig, dm-core, dm-migrations, dm-aggregates, dm-sqlite-adapter, builder

Once you have all the dependancies it's simple to start:

./burpweb.rb

By default, burpweb will listen on 127.0.0.1:8015, but you can edit these options in burpweb.cfg

For a quick demo see:

http://www.youtube.com/watch?v=rrBnAWE2fuw

Known issues:

1. When you zoom on the visualisation (with the scroll wheel or click) you lose your position

Options

Mode

Burpdot now has 3 primary modes of operation, either output in DOT syntax (with very limited formatting), or output in a “ref,url” CSV format, or output the data into a SQLite DB file. CSV mode is particular important for parsing these files with Afterglow. Mode is specified by the -m option. By default the option is “dot”, but if you specify “csv” then a CSV is either printed to the screen or saved to a file (with the -o option), or “sqlite” (If you use sqlite, you MUST specify an output file with the -o option). If the mode is set to CSV then the overlap option (-l) is ignored. You can download and read more about Afterglow here:

http://afterglow.sourceforge.net/

Output

If you don't specify an -o option, burpdot will simply print the output to screen. This allows you to quickly confirm that it contains data you want, or perhaps you want to pipe it through another command line tool, such as Afterglow.

Overlap

When in “dot” mode, you can also set the -l option. The -l option, or Overlap mode, specifies the Graphviz method for ensuring that nodes within the visualisation do not overlap. By default, the dot file is set for orthoyx, which means that overlaps are moved by optimizing two constraint problems, one for the y axis and one for the x. There are other options available for overlap removal, which you can review here:

http://www.graphviz.org/doc/info/attrs.html#d:overlap

Depth

You can specify the “depth” of data extracted from Burp's logs, setting the -d option to either 0, 1, 2 or 3. Depth 0: Just extract domain information. Depth 1: Extract domain and path information, excluding the file, so grouped by folders *New as of 0.5.1 Depth 2: Extract domain and path information (this is the default setting if no depth is specified) Depth 3: Extract domain, path and query string information.

Usage

Usage: ./burpdot.rb [options]

Specific Options:
   -h, --help                       Show help
   -i <burp log file>               Input: The Burp Log File
   -l <overlap mode>                Overlap: DOT file overlap mode. Defaults to 'orthoyx'
   -o <output file>                 Output: The output file
   -m <mode>                        Mode: either dot, csv or sqlite. Defaults to dot
   -v, --version                    Show version
   -d, -d <depth>                   Depth: 0, 1, 2 or 3. Defaults to 2

Example Overlap modes: 'scale', 'prism', 'vpsc', 'orthoyx'
See http://www.graphviz.org/doc/info/attrs.html#d:overlap for more information

Overlap is only used in "dot" mode.

Graphviz Tips

So yeah, the Graphviz set of tools is quite the monster and I'm not going to pretend I understand it all. To get the best looking graphs, assuming you're going through Afterglow, I've had the most luck with the following incantations:

neato -v -Tpng -Gnormalize=true -Gsplines=true -o burp.png

This gives you a fairly tight grouping of nodes, but you should be able to identify busy nodes quite easily.

neato -v -Tpng -Gnormalize=true -Gsplines=true -Goverlap=vpsc -o burp.png

This uses the vpsc overlap mode, which seems to be good at keeping the graphic tight, but with minimal (if any) overlaps. This is still likely to generate large images though.

In both of the above examples I've set splines to true, which makes the lines weave and look a bit nicer, you can get rid of that option if you wish.

History

Version 0.5.2 of burpdot, released on 20th of August 2011.

- Minor revision to handle referrers a little bit better
- Also now defaults to depth 1 for burpweb
- NB: Burpweb doesn't seem to work nice with Ruby 1.9, so at this point we recommend running Burpdot and Burpweb with Ruby 1.8

Version 0.5.1 of burpdot, released on 10th of August 2011.

- Minor revision to modify the depth settings
  - You can now just list folders, excluding files. 
  - Watch out if you were used to the old depth settings, these have changed slightly.

Version 0.5 of burpdot, released on 7th of June 2011.

- Minor back end changes to import and sqlite output
- First release incorporating BurpWeb

Version 0.4 of burpdot, released on 7th of April 2011.

- The import methods now capture the verb (GET or POST)
- New "depth" option
- Can output into an SQLite DB file
- Changed default "DOT" mode sort to vpsc
- Updated tips and tricks for overlapping optimisation (awesomeisation)

Version 0.3 of burpdot, released on the 31st of March 2011.

- The burpdot.rb file should function identically to 0.2
- Split out some of the logic into separate modules, files, classes etc
- This is primarily to allow for future output extensions, such as databases

Version 0.2 of burpdot, released on the 29th of March 2011.

- Now has "mode" option, either set to "dot" or "csv"
- Comes with a simple "burp.properties" color file for Afterglow

Version 0.1 of burpdot, released on the 19th of March 2011.

License

Copyright 2011 Christian Frichot

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Other links

Burp Suite is available from:

http://www.portswigger.net/

Graphviz is available from:

http://www.graphviz.org/

Afterglow is available from:

http://afterglow.sourceforge.net/

You can contact Christian at:

http://un-excogitate.org/
https://twitter.com/xntrik
Something went wrong with that request. Please try again.