Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tony1016/burplogfilter
A python3 program to filter Burp Suite log file.
https://github.com/tony1016/burplogfilter
Last synced: 28 days ago
JSON representation
A python3 program to filter Burp Suite log file.
- Host: GitHub
- URL: https://github.com/tony1016/burplogfilter
- Owner: tony1016
- Created: 2016-05-18T02:25:54.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2016-05-26T01:41:42.000Z (about 8 years ago)
- Last Synced: 2024-02-08T20:17:45.852Z (4 months ago)
- Language: Python
- Homepage:
- Size: 24.4 KB
- Stars: 76
- Watchers: 4
- Forks: 32
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Lists
- awesome-burp-suite - **66**星
- awesome-burp-suite - **66**星
README
# BurpLogFilter
一个python3写的,用于过滤BurpSuite日志的小程序A python3 program to filter BurpSuite log file.
# WHY?
为什么要写这个程序呢?强大的SqlMap支持使用BurpSuite的日志进行批量分析,但是BurpSuite的日志记录了所有走代理的流量,包括静态资源啊,重复的提交啊,这些都会影响SqlMap的分析效率。于是打算写一个小程序,可以做到:
- 可以按照域名过滤请求
- 可以自动过滤静态资源请求
- 可以自动按照模式过滤URL,即相同URL和参数的请求,只会留其一(参数值对于SqlMap没有什么作用)Why I wrote this program?The powerful SqlMap accepts a BurpSuite log file to make batch anaylze,but the log of BurpSuite record everything,includes static resources,duplicated submits,which will reduce the efficiency of the analyze.So I wrote this utility to make:
- can filter with a hostname
- can filter static resources automatic
- can filter duplicated submits according to the url and params(the value of params is useless for SqlMap analyze)# USAGE
### 1.勾选BurpSuite输出日志(check the logging option)
![burpsuite](https://github.com/tony1016/BurpLogFilter/raw/master/res/burpsuite.png)
### 2.使用burplogfilter.py过滤日志(use burplogfilter.py to filter log file)
```sh
Usage: python3 burplogfilter.py [options]Options:
-h Show this showHelp
-f filepath The BurpSuite log to analyze
--host keyword, --host=keyword Host name filter
-v Show debug messageExamples:
python3 burplogfilter.py -f /tmp/burp.log --host='google.com' > burp-proxy.log
```### 3.使用SqlMap批量分析日志(Use SqlMap to batch analyze log)
```sh
sqlmap -l burp-proxy.log --batch -smart
```### 4.查看分析结果(Check result)
```sh
ls /usr/local/Cellar/sqlmap/0.9_1/libexec/output/
```