To populate the table by using a saved log file.

Next step will be to populate it by using the Burp Suite saved states/logs.

It is good to see how many requests have been sent with different tools (proxy, scanner, intruder, etc.).
How many requests have been sent and how many responses have been received (to detect any form of DoS when there is no response).
How many requests have been sent with a specific regular expression rule (for header and body).
How many responses have been received with a specific regular expression rule (for header and body).

Currently right click does not do anything in Logger++ on specific items
Selecting multiple or a single row should also be considered

A selection with a regular expression like this one [a-fA-F0-9]{32} is not escaped when creating a filter and will instead seek to match the expression and not the text.

This issue is in fact also a test case.

Hello,

It would be nice to have an apply button when you edit color filters. Otherwise you have to close the editing windows to see if filter works and reopen & resize it (especially when working with long regexes).

Thank you,

Save the last column which was used to order the table based on the order type (ascending,descending).
When the order field is disabled, the application should not apply this.

It would be good if the split between the two horizontal windows would not be limited to a certain height.

To grep something from the request (header and body) and its response (header and body) and show it in the log table.
It may slow down the logging but it is worth it as can be customised to extract interesting data.
If someone changes the RegEx in the middle of logging, it should not affect the previously found data.

Hi Soroush Dalili,

Today i got below errors when used regex to filter comments from all responses.
(/([^_]|[\r\n]|(_+([^_/]|[\r\n])))_+/)|(//.*) - to filter the comments from response,

at java.util.regex.Pattern$Branch.match(Unknown Source)
at java.util.regex.Pattern$GroupHead.match(Unknown Source)
at java.util.regex.Pattern$Loop.match(Unknown Source)
at java.util.regex.Pattern$GroupTail.match(Unknown Source)
at java.util.regex.Pattern$BranchConn.match(Unknown Source)
at java.util.regex.Pattern$CharProperty.match(Unknown Source)

request you to look into it. Thanks in advance.

Regards
Bhaskar from BaanuTech

It happens that the context menu of logger++ doesn't appear because of exception (stacktrace is attached).
Not much details about the cause. The last selection I was highlighting to create a filter through Logger++ context menu was <div class="opux-alert-body"> <h2>Valitse uusi toiminto</h2> <p>Valitse tilit uudelleen.</p>
It might happened when treating strings with finnish special characters. Let me know which details/tests you would need to identify the cause.

Only solution is then to unload and reload extension.
stacktraceL++_contectmenu.txt

It will be good to create an option for check-for-update on start-up. This can be automatically enabled when it has not been installed directly from BApp store on first install.

Downloading the new version from Github seems like a good option and it should be optional for non-BApp store users only.

Hello,

Color filter based on regex obtained with context menu from a text selection are invalidated when edited.
Below how to reproduce:

1. We create a regex color filter based on a text selection from a response
   

2. Filter is added and working fine
   

3. Clicking in the box to edit the filter. No changes were made, just entering edit mode
   

4. Leaving edit mode without making any changes by using key invalidate the filter that no longer work
   

In the case I showed the regex filter remains "valid" (green background). In some cases the filter turns invalid (red) although I made no changes and created the filters also from context menu selection. You can see them in some of my screenshots, the hidden-part contains no special character, only letters and a dash ('-') I escaped with backslash ('')

Hello,

First of, thank you for that useful extension.
Knowing how difficult it could be, would it be possible to add the payload highlights in the issues generated for the simple cases ?

Thank you,

Hello,

Would it be possible to export a selection of the logs with the context menu in some text format (or HTML) containing the information of the requestresponse object ?
That's for easier reporting on requestresponse items that didn't generate issues. The context menu option would be to avoid crafting a specific filter to capture solely the selection you want from the logs .

Thank you,

Hi,
For Logger++, you state:

Note 2: In order to save the data automatically, use Options>Misc>Logging.

Under which Burp tab is the Logging option? User Options? Project Options? Proxy? I think you are referring to Project Options, but I'm not sure.

I need to save the data as it is generated, since Burp has a habit of crashing. Will automatic logging save data to the .csv file as it is generated? Thank you.

Currently it does it silently that needs to change!

Reported by DC

I use the "Clear the logs" button (located in the "Options" tab) quite often, so I'm constantly switching between "View logs" and "Options".

It would be nice to have another "Clear logs" button in the "View logs" tab, next to the "Colorize" one.

Btw, thanks for this very useful extension!

If possible, add a column to distinguish between requests generated automatically by a session handling rule (e.g. a macro) and performed manually (via Intruder, Repeater, Scanner, etc.).
At the moment if I have a session handling rule that runs a macro that does 10 requests and I send to the Scanner a request associated to such a rule, I have no easy way to distinguish between the ones generated by the session handling rule and the ones generated by the Scanner.

Hello,

Just wanted to let you know that I faced an issue with Logger++ today where requests coming from the proxy tool were logged without the modifications my plugin made. Requests from Repeater and Intruder were logged after the modifications.

Flow, another (open source) logging plugin for Burp, actually logged the requests with the modifications, as expected.

I don't have time to jump into your code right now, perhaps I can dig a little deeper next week.

Similar to the Proxy section.

Hello,

First of all, thanks for the tool guys! 👍

Is it possible to sanitize the output?

I've found a CSV Injection in the tool.

If a user visits a malicious website:

<html>
     <title>=1+1</title>

PoC CSV Injection

</html>

When exporting the CSV and opening it on Excel, Gnumeric, etc will render the value:

And opening the exported CSV:

Thanks!

When the extension is reloaded any changes to columns is reset including the ordering of columns.

The Logger++ is a great extension, but I find it slightly unusable at this stage: it has way too many unnecessary columns. In my opinion a number of columns should be optional (to be configured from Options tab):

• Host should have exact same format as Host in Proxy tab (http://...).
• URL should have exact same format as URL in Proxy tab (/relative_path only).
• Method should be after Host.
• Port should be after URL and optional.
• Req Type same format as in MIME type in Proxy tab and optional.
• Remove the dot (.) from the Extension field.
• Referrer URL renamed to Referred and optional.
• QS? – is it Query String? If so, group it under Params like in Proxy tab.
• BodyParam? Group it under Params like in Proxy tab.
• Cookie? renamed to Sent Cookies and I do actually care to see them, like in Proxy tab.
• Req Length optional.
• Resp Type same format as in Proxy tab.
• Merge Detected Type and Inferred Type and optional.
• Set-Cookies? renamed to Set-Cookie and I do actually care to see them, like in Proxy tab.
• Resp Length optional.
• Does the Comment field auto-update if I update it in Proxy/Target?

• I Have 5000 Log's After Applying Log , And When i try to Save it .

Here is the Logger++_auto.csv

Number,Complete,Tool,Host,Method,Path,Query,Params,Status,ResponseLength,MimeType,UrlExtension,Comment,IsSSL,NewCookies,RequestTime,ResponseTime,ResponseDelay,ListenerInterface,Regex1Req,Regex1Resp,
Logs are not getting saved .

Am i Missing Something ?

Hi Soroush Dalili,

Logger++ is a nice plugin to work with.
I was thinking that it would be good to have dynamic filtering within our plugin based on the regex value to search the response / requests for required items or information.

In the current version we have added regex to see the response page title. If we can have same functionality with help of a user input field to accept user's regex expression and display only those records dynamically which matches the regex criteria.

Usefulness:

1. Easy to capture error messages.

2. Easy to capture information leakage areas unlike predefined keywords search. (generally inside of an organization we know what we are testing so it would be good to check only those keywords which are required - https://github.com/fuzzdb-project/fuzzdb/tree/master/regex).

3. Easy to find SQL Injections.

4. Lot more possibilities.

Hope you like this idea !!

Thanks & Regards
Bhaskar From 'BaanuTech'

Sometimes, when logger++ is not the last extension to be loaded, it causes any extensions after itself to not load. This can be fixed by reloading the extension.

If an extension changes a request within the proxy tool, Logger++ does not show the changes.

The extension I was testing this with was using processHttpMessage to manipulate the requests.

Moving Logger++ before or after the other extension did not resolve the issue. Therefore, order is not an issue here.

In order to see the final request that has been sent by Burp, Logger++ should be loaded as the last extension. However, the response can be changed by other extensions before being logged as well...

Currently the height of the log table is fixed which is not ideal.

I'm getting an error message for the Elastic search enable feature. It says None of the configured nodes are available.

I didn't see any other open or closed issues regarding this feature so I thought I would reach out.

I have Elkstack running and can pipe files or syslogs into 127.0.0.1:9300 but the connection cannot be made from Logger++.

Thanks,
Ryan

This is error message:

java.lang.NullPointerException: Response cannot be null at burp.w0f.analyzeResponse(Unknown Source) at loggerplusplus.LogEntry.processResponse(LogEntry.java:253) at loggerplusplus.LogManager$2.run(LogManager.java:75) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) java.lang.NullPointerException: Response cannot be null at burp.w0f.analyzeResponse(Unknown Source) at loggerplusplus.LogEntry.processResponse(LogEntry.java:253) at loggerplusplus.LogManager$2.run(LogManager.java:75) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) java.lang.NullPointerException: Response cannot be null at burp.w0f.analyzeResponse(Unknown Source) at loggerplusplus.LogEntry.processResponse(LogEntry.java:253) at loggerplusplus.LogManager$2.run(LogManager.java:75) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) java.lang.NullPointerException at loggerplusplus.LoggerContextMenuFactory.createMenuItems(LoggerContextMenuFactory.java:23) at burp.ohd.a(Unknown Source) at burp.cwd.a(Unknown Source) at burp.bsg.a(Unknown Source) at burp.q8h.a(Unknown Source) at burp.q4d.mousePressed(Unknown Source) at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:280) at java.awt.Component.processMouseEvent(Component.java:6530) at javax.swing.JComponent.processMouseEvent(JComponent.java:3324) at java.awt.Component.processEvent(Component.java:6298) at java.awt.Container.processEvent(Container.java:2236) at java.awt.Component.dispatchEventImpl(Component.java:4889) at java.awt.Container.dispatchEventImpl(Container.java:2294) at java.awt.Component.dispatchEvent(Component.java:4711) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4522) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) at java.awt.Container.dispatchEventImpl(Container.java:2280) at java.awt.Window.dispatchEventImpl(Window.java:2746) at java.awt.Component.dispatchEvent(Component.java:4711) at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) at java.awt.EventQueue.access$500(EventQueue.java:97) at java.awt.EventQueue$3.run(EventQueue.java:709) at java.awt.EventQueue$3.run(EventQueue.java:703) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) at java.awt.EventQueue$4.run(EventQueue.java:731) at java.awt.EventQueue$4.run(EventQueue.java:729) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) at java.awt.EventQueue.dispatchEvent(EventQueue.java:728) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) at java.awt.EventDispatchThread.run(EventDispatchThread.java:82) java.lang.NullPointerException at loggerplusplus.LoggerContextMenuFactory.createMenuItems(LoggerContextMenuFactory.java:23) at burp.ohd.a(Unknown Source) at burp.cwd.a(Unknown Source) at burp.bsg.a(Unknown Source) at burp.q8h.a(Unknown Source) at burp.q4d.mousePressed(Unknown Source) at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:280) at java.awt.Component.processMouseEvent(Component.java:6530) at javax.swing.JComponent.processMouseEvent(JComponent.java:3324) at java.awt.Component.processEvent(Component.java:6298) at java.awt.Container.processEvent(Container.java:2236) at java.awt.Component.dispatchEventImpl(Component.java:4889) at java.awt.Container.dispatchEventImpl(Container.java:2294) at java.awt.Component.dispatchEvent(Component.java:4711) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4522) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466) at java.awt.Container.dispatchEventImpl(Container.java:2280) at java.awt.Window.dispatchEventImpl(Window.java:2746) at java.awt.Component.dispatchEvent(Component.java:4711) at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) at java.awt.EventQueue.access$500(EventQueue.java:97) at java.awt.EventQueue$3.run(EventQueue.java:709) at java.awt.EventQueue$3.run(EventQueue.java:703) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90) at java.awt.EventQueue$4.run(EventQueue.java:731) at java.awt.EventQueue$4.run(EventQueue.java:729) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80) at java.awt.EventQueue.dispatchEvent(EventQueue.java:728) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) at java.awt.EventDispatchThread.run(EventDispatchThread.java:82) java.lang.NullPointerException: Response cannot be null at burp.w0f.analyzeResponse(Unknown Source) at loggerplusplus.LogEntry.processResponse(LogEntry.java:253) at loggerplusplus.LogManager$2.run(LogManager.java:75) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) java.lang.NullPointerException: Response cannot be null at burp.w0f.analyzeResponse(Unknown Source) at loggerplusplus.LogEntry.processResponse(LogEntry.java:253) at loggerplusplus.LogManager$2.run(LogManager.java:75) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) java.lang.NullPointerException: Response cannot be null at burp.w0f.analyzeResponse(Unknown Source) at loggerplusplus.LogEntry.processResponse(LogEntry.java:253) at loggerplusplus.LogManager$2.run(LogManager.java:75) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) java.lang.NullPointerException: Response cannot be null at burp.w0f.analyzeResponse(Unknown Source) at loggerplusplus.LogEntry.processResponse(LogEntry.java:253) at loggerplusplus.LogManager$2.run(LogManager.java:75) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)

When exporting the requests into a file, POST requests won''t show the postdata or payloads used in these, they correctly register in the Logger++ proxy UI tho.

Please let me know if you need more info.

Having a list of all properties + a few examples would be awesome.

I'm using macros to trigger some "stateful behavior" on my target - this requires multiple requests to be sent in sequence, basically the last one will cause the previous input to be parsed, and trigger the vulnerability. I wrote a quick and dirty Flask script for simulation:

import os
from flask import Flask,request

class BurpTest:
    def __init__(self):
        self.c=""

    def run(self):
        os.system(self.c)

bt=BurpTest()
app=Flask(__name__)

@app.route("/")
def vuln():
    if 'c' in request.args:
        bt.c=request.args['c']
    return "hello"

@app.route("/run")
def r():
    bt.run()
    return "world"

As you can see this is a trivial command injection case. This is also detected by Burp that recognizes that some input results in >20s responses. However, the Response Delay values of Logger++ never show anything >1s.

I'm using post-request macros and make the response to the last macro request replace the response delivered to the Scanner.

Reset button does not check the Target checkbox.

Similar to repeater view:
top/bottom split
left/right split
tabs

Some thoughts:
Similar to filters to highlight specific items for instance when they are in the scope
if they are sent from different Tools
when a specific regex is in the request/response
etc.

Hey Soroush,

It'd be really cool if there was a feature to specify a number of minutes and a directory location and have the logger write to a file every n minutes. I often forget logger is running and then close burp and, now that Burp uses projects, and doesn't save the logger tab, I lose all the logs :(

Cheers,
Jack

Hi there,

it would be nice if it would be possible to filter by response status code. This would help during debugging and during regular pentesting. It would be best if the user could chose between the following status codes:

• Lower than 100
• 100s
• 200s
• ...
• 500s
• 600 and above

While developing an active scan plugin it is good to see if the server ever responds with status code 0, that usually means you screwed up the first line of the HTTP request and the server interpreted the request as HTTP/0.9 (no headers in response).

During pentesting this would be helpful especially to filter only for in-scop 500 responses that might be triggered from various active scans/extender plugins. That way you can easily see when the server side had issues.

cheers,
floyd

Hello,

Thank you for that usefull extension.
We wish there was an export functionality to share our filters across the team. Is there a way to do that or an implementation of this planned in a future release ?

Thank you,

It would be good if the columns could be dragged and dropped around and the setting made persistent across restarts of Burp Suite in the Options tab

It is possible to save log as SQLite format? Because request or response body will have binary data (ex: JPG, PNG ... ), the CSV parser (ex: logstatsh) can not parse perfectly.

When modifying option "View" from the menu bar, it is possible to have more than one option checked ("Top/Bottom" and "Tabs" in the attached screenshot). And the GUI was using "Tabs". The other option "Request/response view" seems OK.

Testbed: Linux + Burp Suite Pro v1.7.26 + Sun Java 1.8.0_144-b01

The ability to supply a regex pattern and have the plugin spit out any matches it finds would be useful.

This could be a table with each value and a context menu to view the item in the logger table, or a separate table.

A useful feature would include being able to store separate configuration settings to be saved within the burp suite project files which may be used on future loads. Also the storage of logger history within these files to be reimported when loading the project at a future time.

Hi,

Would it be possible to have a floating "view logs" window ?

Thank you,

Hi,

I am currently using Burp Tool & using extension called logger++. Can anybody guide me on the columns definitions that it will useful for me provided in logger++ table? Each column might have some definition. I am attaching the screenshot as well

Due to the incorrect handling of the request/response bytes, selections are incorrect due to a translation from UTF-8 to UTF-16. Selections after a large UTF-8 character are shifted.

Logger++, as of version 2.3, does not free memory when the button 'Clear the logs' is clicked. This eventually leads to memory exhaustion and freezing of Burp and the whole system.

Despite multithreading, a long operation is done on the search thread which halts the execution of other threads.

Control will resume once the search thread is complete.