{"id":16805443,"url":"https://github.com/thomaspatzke/wase","last_synced_at":"2025-03-17T03:31:21.412Z","repository":{"id":56634068,"uuid":"53002035","full_name":"thomaspatzke/WASE","owner":"thomaspatzke","description":"The Web Audit Search Engine - Index and Search HTTP Requests and Responses in Web Application Audits with ElasticSearch","archived":false,"fork":false,"pushed_at":"2020-10-27T21:17:55.000Z","size":74,"stargazers_count":113,"open_issues_count":5,"forks_count":46,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-03-16T07:51:10.160Z","etag":null,"topics":["burp","burp-plugin","elasticsearch","pentesting","webappsec"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thomaspatzke.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-03-02T22:43:21.000Z","updated_at":"2025-03-11T04:20:11.000Z","dependencies_parsed_at":"2022-08-15T22:20:25.192Z","dependency_job_id":null,"html_url":"https://github.com/thomaspatzke/WASE","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomaspatzke%2FWASE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomaspatzke%2FWASE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomaspatzke%2FWASE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomaspatzke%2FWASE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thomaspatzke","download_url":"https://codeload.github.com/thomaspatzke/WASE/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243968916,"owners_count":20376468,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp","burp-plugin","elasticsearch","pentesting","webappsec"],"created_at":"2024-10-13T09:48:14.735Z","updated_at":"2025-03-17T03:31:21.111Z","avatar_url":"https://github.com/thomaspatzke.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WASE\n\nWASE is a shortcut for Web Audit Search Engine. It's a framework for indexing HTTP requests/responses while web\napplication audits in an ElasticSearch instance and enriching it with useful data. The indexed data can then be searched\nand aggregated with ElasticSearch queries or with Kibana.\n\nCurrently WASE contains the following parts:\n\n* doc\\_HttpRequestResponse.py: a library that implements the DocHTTPRequestResponse class. This class is an\n  elasticsearch\\_dsl-based storage class of HTTP requests/responses (derived from Burps data structures and API).\n* ElasticBurp: a Burp plugin that feeds requests/responses into ElasticSearch.\n\n## ElasticBurp\n\nScared about the weak searching performance of Burp Suite? Are you missing possibilities to search in Burp? ElasticBurp\ncombines Burp Suite with the search power of ElasticSearch. It can be installed directly from the [Burp BApp\nStore](https://portswigger.net/bappstore/ShowBappDetails.aspx?uuid=67f5c31f93d04ad3a3b0a1808b3648fa).\n\n\n### Installation\n\n1. Install ElasticSearch and Kibana.\n2. Configure both - For security reasons it is recommend to let them listen on localhost:\n  * Set `network.host: 127.0.0.1` in `/etc/elasticsearch/elasticsearch.yml`.\n  * Set `host: \"127.0.0.1\"` in `/opt/kibana/config/kibana.yml`.\n3. Install dependencies in the Jython environment used by Burp Extender with: `$JYTHON_PATH/bin/pip install -r\n   requirements.txt`\n4. Load ElasticBurp.py as Python extension in Burp Extender.\n\nCurrently there seem to be incompatibilities with the new Python Elasticsearch packages. Specify the 2.2 version when installing\nwith pip: `$JYTHON_HOME/bin/pip install elasticsearch_dsl==2.2`\n\n### Usage\n\nSee [this blog article](https://patzke.org/an-introduction-to-wase-and-elasticburp.html) for usage examples.\n\n## WASEProxy\n\nA generic intercepting HTTP(S) proxy server that stores extracted data into an ElasticSearch index.\n\nInstallation with pip: `pip install -r requirements-proxy.txt`\n\n## WASEQuery\n\nSearch ElasticSearch indices created by WASE for\n\n* responses with missing headers\n* responses with missing parameters\n* all values that were set for a header (e.g. X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy, ...)\n\n...or do arbitrary search queries.\n\nInvoke WASEQuery.py for help message. [This blog\narticle](https://patzke.org/analyzing-web-application-test-data-with-wasequery.html) shows some examples for usage of\nWASEQuery.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomaspatzke%2Fwase","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthomaspatzke%2Fwase","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomaspatzke%2Fwase/lists"}