bugbountyprojects / ideas

A project to track ideas needed by the infosec community.
https://bugbountyprojects.github.io/ideas/

Visual map of website endpoints from burp state #1

Open 0xdevalias opened 6 years ago

0xdevalias commented 6 years ago

Summary

Currently it can be difficult to understand what requests were made in Burp based on what UI elements were clicked. It would be interesting to visually (e.g. mindmap, etc.) map out all of the requests, and where they originated from. One method could be the Referer header, or possibly some correlation with timestamps, link parsing, etc.

What problem are you trying to solve?

Have a better visual understanding of where all the requests in a complex app originate from, how they chain together (e.g. workflows), etc.

Example situation where this tool could be helpful

Web app pentests that make lots of seemingly scattered requests, or have endpoints that are only accessible as part of a workflow/chain, etc.

Is this tool already under development?

Are there any similar tools already out there?


Checklist

mhmdiaa commented 6 years ago

That's a really interesting idea. Thanks for sharing!

Another way to do it is to create a browser extension that tracks actions in the UI and sends them to a Burp extension which correlates them with requests.

For example, when you click a button on the UI, the browser extension sends a notification to the Burp extension saying, "Hey, the user has clicked a button that has this ID on this page". Then, the Burp extension finds that three requests for example have been made since the button was clicked, so it groups them (in a mind map or by giving them a unique color in the history).

We can also add an exclusions list to remove requests that are made automatically (tracking and analytics requests for instance).
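
A sketch of the correlation discussed so far, as an added example that is not part of the original thread or of any Burp extension: requests are attributed to the most recent UI click within a time window, fall back to the Referer header when no click matches, and an exclusions list drops tracking hosts. The hosts, element IDs, timestamps and the 3-second window are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: UI events a browser extension might report, and
# proxy-history rows (timestamp in seconds, URL, Referer). All hypothetical.
CLICKS = [
    (10.0, "https://app.example/cart", "#checkout-btn"),
    (25.0, "https://app.example/pay", "#confirm-btn"),
]
HISTORY = [
    (5.0, "https://app.example/cart", None),
    (10.2, "https://app.example/api/order", "https://app.example/cart"),
    (10.4, "https://stats.example/collect", "https://app.example/cart"),
    (10.9, "https://app.example/pay", "https://app.example/cart"),
    (25.1, "https://app.example/api/charge", "https://app.example/pay"),
    (90.0, "https://app.example/api/poll", "https://app.example/pay"),
]
EXCLUDED_HOSTS = {"stats.example"}  # exclusions list for analytics/tracking
WINDOW = 3.0  # assumed: seconds after a click in which requests belong to it


def correlate(clicks, history, excluded=EXCLUDED_HOSTS, window=WINDOW):
    """Map each origin (UI click, else Referer page) to the requests it caused."""
    clicks = sorted(clicks)
    graph = defaultdict(list)
    for ts, url, referer in sorted(history, key=lambda row: row[0]):
        if urlsplit(url).hostname in excluded:
            continue  # drop requests that are made automatically
        # Clicks at or before this request whose window still covers it.
        prior = [c for c in clicks if c[0] <= ts <= c[0] + window]
        if prior:
            _, page, element = prior[-1]  # most recent matching click wins
            origin = f"click {element} on {page}"
        elif referer:
            origin = f"referer {referer}"  # weaker signal: no UI event matched
        else:
            origin = "direct navigation"
        graph[origin].append(url)
    return dict(graph)


if __name__ == "__main__":
    for origin, urls in correlate(CLICKS, HISTORY).items():
        print(origin)
        for u in urls:
            print("  ->", u)
```

The resulting origin-to-requests mapping is the edge list a mind map or per-group colouring of the history would be drawn from.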

0xdevalias commented 6 years ago

I definitely like the idea of the browser extension addition. I feel like there is so much power in our proxies (e.g. Burp) and our browser (e.g. Chrome), but we only barely make use of that power combined. I feel like there is a lot of space for improvement in tooling/information that we can get by more tightly integrating browser and proxy, and your suggestion sounds like a great start!

0xdevalias commented 6 years ago

May be relevant: https://portswigger.net/blog/burps-new-crawler