login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Friday, 14 December 2012

Sample Burp Suite extension: custom logger

This extension provides something that has often been requested: a suite-wide HTTP logger within the main Burp UI. It provides a great example of how you can add some really useful functionality to Burp with a very small amount of code or effort.


The extension uses the following techniques, which are made possible by the new extensibility API:
  • It creates a custom tab within the main Burp UI, in which to display the message log.
  • It creates two instances of Burp's own HTTP message editor, in which to display the selected request and response (as in the Proxy history).
  • It provides an implementation of IMessageEditorController, which the message editors can query to obtain additional details about the displayed messages (to support context menu actions, etc.).
  • It asks Burp to customize its own UI components, in line with Burp's UI style.
  • It adds an HTTP listener, to receive details of requests and responses made by all Burp tools.
  • It uses an extension helper method to analyze the URL in each request.
In approximately 200 lines of fairly simple code, this extension adds a useful new feature, with all of the fiddly work (handling and rendering of HTTP messages) being done by Burp itself via the API.

Download the custom logger extension. The download includes source code for Java and Python, and the compiled JAR file for Java.

[Disclaimer: My Python fu is weak. In fact, this series of Burp extensions is the only Python code I've ever written. This extension is a bit more complicated than the earlier ones. Apologies to any Python heads if my code makes you cringe.]

3 comments:

Unknown said...

A zip file? At who epoch do you live ? Put the sources on github dude !

Anonymous said...

It would be nice to save the log in a file, too

Unknown said...

I was trying to install manual and automatic options and did not see any new tab appear for custom logger, neither errors. Please provide details on how to install it.


User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Copyright 2014 PortSwigger Ltd. All rights reserved.