mhmdiaa
commented
6 years ago That's a really interesting idea. Thanks for sharing!
Another way to do it is to create a browser extension that tracks actions in the UI and sends them to a Burp extension which correlates them with requests.
For example, when you click a button on the UI, the browser extension sends a notification to the Burp extension saying, "Hey, the user has clicked a button that has this ID on this page". Then, the Burp extension finds that three requests for example have been made since the button was clicked, so it groups them (in a mind map or by giving them a unique color in the history).
We can also add an exclusions list to remove requests that are made automatically (tracking and analytics requests for instance).
0xdevalias
Summary
Currently it can be difficult to understand what requests were made in Burp based on what UI elements were clicked. It would be interesting to visually (eg. mindmap, etc) map out all of the requests, and where the originated from. One method could be the referer header, or possibly some correlation with timestamps; link parsing, etc.
What problem are you trying to solve?
Have a better visual understanding of where all the requests in a complex app originate from, how they chain together (eg. workflows), etc
Example situation where this tool could be helpful
Web app pentests that make lots of seemingly scattered requests, or have endpoints that are only accessible as part of a workflow/chain, etc.
Is this tool already under development?
Are there any similar tools already out there?
Checklist