nccgroup / LoggerPlusPlus

Advanced Burp Suite Logging Extension
GNU Affero General Public License v3.0

Elasticsearch Data Adding #66

Closed adamtimmins closed 5 years ago

adamtimmins commented 5 years ago

Hi guys,

Love the plugin, especially with the exporting of logs to ElasticSearch. Any possibility of adding the parameters as a field?

Cheers,

CoreyD97 commented 5 years ago

Hey, thanks for the feedback!

I'm afraid I don't know if I fully understand your request though. Do you wish to be able to configure the fields which are sent to elasticsearch? Or the addition of a new field like some form of name-value pair set storing parsed parameters?

Both are possible, I'm slightly backlogged with work at the moment but I hope to be able to work on this soon.

Thanks, Corey

adamtimmins commented 5 years ago

Both would be brilliant.

But I just mean the data outputted in the response. Adding that as a field in ElasticSearch would be ideal.

Cheers for all the hard work!

Freakazoidile commented 5 years ago

+1 for this idea. It would be great to be able to have the full body of the HTTP request and responses exported to ELK. This would include POST data sent in the body of the request, and responses from the application.

This would help when troubleshooting why an application or server crashed, helping to configure and tune WAFs, logs, and training of security personnel.

Being able to configure which fields are sent to elasticsearch would be amazing.

Freakazoidile commented 5 years ago

In the file BurpSuiteLoggerPlusPlus/src/main/java/loggerplusplus/ElasticSearchLogger.java lines 160 and 161 are what I was looking for. I have tried to rebuild using Gradle but am getting an error.

I've never used gradle, or built a java app, or built a burp extension, so I would either need a bit more direction on building, or if you could uncomment those lines and rebuild that would be appreciated. My error is:

~/BurpSuiteLoggerPlusPlus/src/test/java/TestLogger.java:4: error: cannot find symbol
        burp.StartBurp.main(args);
            ^
  symbol:   class StartBurp
  location: package burp
1 error

In the build.gradle settings I have changed the location of the jar to the correct path where I have burpsuite_pro_2.0.11.jar located.

Freakazoidile commented 5 years ago

OK I've implemented this and have it working.

For anyone who wants to enable the full request and response body follow these steps:

  1. git clone https://github.com/nccgroup/BurpSuiteLoggerPlusPlus/
  2. Install gradle for building the JAR. I'm on Mac so: brew install gradle
  3. Modify line 13 of build.gradle in the root directory of the repo with the correct path to the Burp .JAR file for build purposes: testCompile files('/Applications/Burp\ Suite\ Professional.app/Contents/java/app/burpsuite_pro.jar')
  4. Uncomment lines 160 and 161 in "BurpSuiteLoggerPlusPlus/src/main/java/loggerplusplus/ElasticSearchLogger.java" The lines look like this:
    .field("requestbody", new String(logEntry.requestResponse.getRequest()))
    .field("responsebody", new String(logEntry.requestResponse.getResponse()))
  5. In the root directory of the repo build the jar: gradle fatjar. If this gives errors follow the gradle help. Use gradle fatjar --info to get some verbosity of the build, and gradle fatjar --debug to get a more verbose build log.
  6. The .JAR is outputted in: BurpSuiteLoggerPlusPlus/build/libs
  7. Import to Burp and enjoy!
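
The two uncommented lines in the workaround above index the whole request and response via Java's new String(byte[]), which decodes with the JVM's platform default charset. Two things a practitioner hits when shipping those fields to Elasticsearch are shown in the following added example (Python, chosen so it runs stand-alone; it is not LoggerPlusPlus code and not part of this thread): a non-UTF-8 or binary body is silently corrupted by that decode, so the example maps bytes to text losslessly (latin-1) and keeps a base64 copy of the raw message; and a full-message export carries session cookies and Authorization headers into ELK, so the example blanks those headers before building the document. The sample request/response bytes, the field names beyond requestbody/responsebody, and the header list are all assumptions made for illustration.

```python
"""Building an Elasticsearch document from raw Burp request/response bytes.

Added illustration, not LoggerPlusPlus code. It assumes the adapter receives
the raw bytes of each message (as getRequest()/getResponse() in the
workaround suggest) and shows lossless decoding plus header redaction.
"""
import base64
import json

# Constructed sample traffic for the example (not captured from any target).
_REQ_BODY = b"username=alice&password=hunter2"
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Cookie: session=abcd1234\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(_REQ_BODY)
    + _REQ_BODY
)
_RESP_BODY = bytes(range(0x80, 0x100))  # 128 bytes, never valid UTF-8
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: session=efgh5678; HttpOnly\r\n"
    b"Content-Type: application/octet-stream\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(_RESP_BODY)
    + _RESP_BODY
)

# Headers whose values should never land in a shared log index (assumed list).
SENSITIVE_HEADERS = ("authorization", "cookie", "set-cookie", "x-api-key")


def split_message(raw: bytes):
    """Split a raw HTTP message into (head, body) at the first blank line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head, body


def redact_headers(head: bytes, names=SENSITIVE_HEADERS) -> bytes:
    """Replace the value of each sensitive header with a fixed marker."""
    lines = head.split(b"\r\n")
    out = [lines[0]]  # request line / status line is kept as-is
    for line in lines[1:]:
        name, sep, _ = line.partition(b":")
        if sep and name.strip().lower().decode("latin-1") in names:
            out.append(name + b": [REDACTED]")
        else:
            out.append(line)
    return b"\r\n".join(out)


def decode_lossless(raw: bytes) -> str:
    """Map each byte to one code point so the text converts back to the
    original bytes. new String(bytes) in Java uses the platform charset and
    replaces bytes it cannot decode, which corrupts binary bodies."""
    return raw.decode("latin-1")


def utf8_roundtrips(raw: bytes) -> bool:
    """True only if a UTF-8 decode (what a UTF-8 default JVM would do)
    preserves every byte of the message."""
    return raw.decode("utf-8", "replace").encode("utf-8") == raw


def build_document(request: bytes, response: bytes) -> dict:
    """Produce the fields to index: redacted, losslessly decoded text plus a
    base64 copy of the same bytes for exact reconstruction."""
    req_head, req_body = split_message(request)
    resp_head, resp_body = split_message(response)
    req = redact_headers(req_head) + b"\r\n\r\n" + req_body
    resp = redact_headers(resp_head) + b"\r\n\r\n" + resp_body
    return {
        "requestbody": decode_lossless(req),
        "responsebody": decode_lossless(resp),
        "requestbody_b64": base64.b64encode(req).decode("ascii"),
        "responsebody_b64": base64.b64encode(resp).decode("ascii"),
    }


if __name__ == "__main__":
    doc = build_document(SAMPLE_REQUEST, SAMPLE_RESPONSE)
    print("UTF-8 decode of response is lossless:", utf8_roundtrips(SAMPLE_RESPONSE))
    print(json.dumps(doc, indent=2))
```

Note that only headers are redacted here; the form body in the sample still carries the submitted password, so anyone indexing full bodies from a Burp Pro session into a shared ELK instance needs to decide where that data is allowed to live and who can read the index.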

CoreyD97 commented 5 years ago

Thanks to pull request #67 by @JSelvi, this has been merged into the development branch for the next release.

Thank you @Freakazoidile for supplying the workaround in the meantime.