PortSwigger’s BurpSuite is the de facto tool for web, API, and mobile application assessments. Over the course of many engagements, the utility of being able to filter and extract data from BurpSuite to the file system became evident. Why? A few reasons…

Dump is a simple BurpSuite extension written in JRuby that exports HTTP(S) requests and responses for specified hosts in two different log formats, even in cases where logging was not enabled previously.

Log Formats

Note: Because the Burp Extender API does not expose certain types of metadata, the timestamp and IP address entries in the metadata header of the Burp log file format are faked placeholders, as highlighted in this screenshot. Do not treat them as evidence of when, or from which address, a request was actually sent:

Faked Burp log file metadata

However, the URI portion is valid and reliable. Also, the original HTTP(S) request and response are unadulterated, with the exception of the Burp Comment Header inserted by the dump plugin (unless disabled).

Hostname Filtering

The host filter is used to specify which hosts should be included in the log output. For example,

Note: Matching is partial: any hostname that contains the specified value is treated as a match and included in the log output. For example, if stratumsecurity.com were specified, then requests bound for blog.stratumsecurity.com and www.stratumsecurity.com will be present in the log output. Because the match is partial rather than exact, an unrelated host whose name merely contains the filter string would be included as well, so review the dumped hosts before sharing a log file.

Burp Comments / Context

In order to preserve comments, the dump plugin can insert a custom HTTP header containing the Burp comment associated with each HTTP(S) request/response pair. By default this header is X-Burp-Comment: (the name is customizable), and its value is the current comment for that entry.

Don't want to insert Burp comments into log files? No problem: simply remove all text from Dump's Burp Comment Header text field before dumping.

Additionally, the dump plugin recognizes a simple construct called a Context. The purpose of Contexts is to allow multiple Burp comments to be carried in one instance of the custom HTTP header. Any Burp comment containing the Context Separator value (!!! by default) is treated as a Context, and every subsequent log entry will also contain that comment, until it is replaced by a different Burp comment that also contains the Context Separator value.

One use for Contexts is to clearly identify which user is logged in when important transactions occur. For example, each header below carries the per-request comment followed by the Context that was active at the time:

X-Burp-Comment: Change Password | !!! John Login - Basic User

X-Burp-Comment: Transfer Funds | !!! John Login - Basic User

X-Burp-Comment: Change Password | !!! Mary Login - Admin User

X-Burp-Comment: Create User Account | !!! Mary Login - Admin User

X-Burp-Comment: Change User Account Email | !!! Mary Login - Admin User
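The following is an added example and not code from the Dump extension itself: a stand-alone Ruby model of the two behaviours described above (the partial hostname match used by the host filter, and the X-Burp-Comment header with Context carry-forward) so they can be checked outside Burp. The module and method names are assumptions for this example, the "comment | context" joining format is taken from the sample headers above, and the sample proxy history is constructed for the example, not real traffic. It also assumes that the active Context is tracked across every entry in history order, not only across entries that pass the host filter.

```ruby
# Added example, not code from the Dump extension: models Dump's partial host
# filter and its X-Burp-Comment / Context header insertion. Names are assumed.
module BurpDumpModel
  DEFAULT_HEADER    = "X-Burp-Comment" # default header name; configurable in Dump
  DEFAULT_SEPARATOR = "!!!"            # default Context Separator

  # Host filter: a partial match anywhere in the hostname counts, so
  # "stratumsecurity.com" also matches blog.stratumsecurity.com (and any
  # unrelated host that merely contains that string). Empty filter matches all.
  def self.host_matches?(host, filter)
    return true if filter.nil? || filter.empty?
    host.to_s.downcase.include?(filter.downcase)
  end

  # Header value for one entry. A comment containing the separator becomes the
  # new Context; other comments get " | <context>" appended while a Context is
  # active (format inferred from the page's examples). Returns [value, context].
  def self.header_value(comment, context, separator)
    comment = comment.to_s.strip
    context = comment if comment.include?(separator)
    parts = [comment, context].compact.uniq.reject(&:empty?)
    [parts.empty? ? nil : parts.join(" | "), context]
  end

  # Insert the comment header after the existing headers of a raw HTTP message,
  # leaving the original bytes otherwise untouched. An empty header name
  # disables insertion (the "clear the Burp Comment Header field" case).
  def self.insert_header(raw, name, value)
    return raw if name.to_s.empty? || value.nil?
    head, sep, body = raw.partition("\r\n\r\n")
    sep = "\r\n\r\n" if sep.empty?
    "#{head.chomp("\r\n")}\r\n#{name}: #{value}#{sep}#{body}"
  end

  # Walk entries ({host:, comment:, raw:}) in proxy-history order and return the
  # raw messages that would be dumped for hosts passing the filter.
  # Assumption: Context state advances on every entry, matched or not.
  def self.dump(entries, host_filter:, header_name: DEFAULT_HEADER,
                separator: DEFAULT_SEPARATOR)
    context = nil
    entries.each_with_object([]) do |entry, out|
      value, context = header_value(entry[:comment], context, separator)
      next unless host_matches?(entry[:host], host_filter)
      out << insert_header(entry[:raw], header_name, value)
    end
  end

  # Read the inserted header back out of a dumped message (nil if absent).
  def self.comment_of(raw, header_name = DEFAULT_HEADER)
    raw[/^#{Regexp.escape(header_name)}: ([^\r\n]*)/, 1]
  end

  def self.request(method, host, path)
    "#{method} #{path} HTTP/1.1\r\nHost: #{host}\r\n\r\n"
  end

  # Constructed sample history mirroring the page's Context walkthrough; the
  # example.org entry shows a host the filter drops.
  SAMPLE = [
    { host: "www.stratumsecurity.com",  comment: "!!! John Login - Basic User",
      raw: request("POST", "www.stratumsecurity.com", "/login") },
    { host: "www.stratumsecurity.com",  comment: "Change Password",
      raw: request("POST", "www.stratumsecurity.com", "/account/password") },
    { host: "example.org",              comment: "Transfer Funds",
      raw: request("POST", "example.org", "/transfer") },
    { host: "blog.stratumsecurity.com", comment: "!!! Mary Login - Admin User",
      raw: request("POST", "blog.stratumsecurity.com", "/login") },
    { host: "www.stratumsecurity.com",  comment: "Create User Account",
      raw: request("POST", "www.stratumsecurity.com", "/admin/users") },
  ].freeze

  # Convenience: the header values Dump would write for the sample history.
  def self.sample_headers(host_filter = "stratumsecurity.com")
    dump(SAMPLE, host_filter: host_filter).map { |raw| comment_of(raw) }
  end
end

if __FILE__ == $0
  BurpDumpModel.dump(BurpDumpModel::SAMPLE, host_filter: "stratumsecurity.com")
               .each { |raw| puts raw }
end
```

Running the file prints the four dumped requests; the example.org transfer never appears because it fails the host filter, while John's and Mary's login comments become Contexts that are appended to the entries that follow them.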

SEE IT IN ACTION

A few videos that demonstrate how to use Dump can be found here:

https://www.youtube.com/watch?v=RzfH2YdCe7g&list=PLZ78xiCeE7VyHnxP5ESBYyeW2DmVghKME

CODE

Available at GitHub - https://github.com/crashgrindrips/burp-dump