un-excogitate.org
what was I thinking? (Christian Frichot’s ad-lib on security and what-not)
Lijit Search

Tags

2FA amazon apple australia authentication beef big day out blog books botnet browser burp burpdot business cloud development education festival finance fraud greasemonkey HTML Internet linux malware management metasploit Music owasp phish presentation Privacy rails Risk ruby sbn scam script Security security assessment tool virtualisation visualisation web application work

Categories

Dailies

Mar
20.
Burpdot: Visualising Burp Referer Data with Graphviz
3 Comments
Category: Security, Web Development

The other day my colleague David says to me:
Burp’s SiteMap is really useful, but I don’t understand where all these extra sites were requested from. I wish there was some way in which the referer information could be visualised”
(Paraphrased of course.. Dave is normally dropping f-bombs here and there)

And of course, this is how most hacks are born. A tool that does almost everything you need it to do, and then you find you have some other tangential requirements that aren’t being met. The next thing you know, Ruby has been whipped out, a day or so later you have your script.

The idea is really simple (as most hacks are). Enable “request” logging in Burp, save that file somewhere, parse that file with “burpdot.rb” to create a Graphviz DOT file, and then parse that file with one of the numerous Graphviz tools to output an image file.

Firstly, you need to convert a Burp log file into a Graphviz DOT file, which is as simple as
# ./burpdot.rb -i burp.log -o burp.dot

A scaled down, jpg-ised example here, which was created with
# sfdp -v -Tpng -O burp.dot

Burpdot generated image demo

If you click it, you’ll get to an SVG version, for bandwidth’s sake. This was created with
# sfdp -v -Tsvg -O burp.dot

From start to finish:

Known Issues / Future Ideas:

  • The Graphviz files get large, quickly. Just by browsing a few sites, you can generate a huge DOT file, and therefore potentially huge graphic. I’m an absolute novice with Graphviz, so optimising overflows etc is not really my forte, if anyone has any suggestions for how to improve this, please let me know.
  • Because they’re so large, I’ve had neato and other Graphviz tools lock up my system. I’ve had the most luck with sfdp from Graphviz version 2.26.3 (I believe this is the default that comes with OSX 10.6.6).
  • There’s no pretty highlighting of *anything*. Future releases may include more of this in the DOT files.
  • There’s no pretty grouping of *anything*. As above.
  • No nice interactivity yet, such as clicking on a node and seeing all its partners.

You can get burpdot from : https://github.com/xntrik/burpdot.


Tags: , , , , , ,

Trackbacks/Pingbacks

  1. IT Secure Site » Burpdot: Visualising Burp Referer Data with Graphviz

3 Antworten

  1. Raffy says:
    26/3/2011 at 2:40 pm

    Have a look at AfterGlow: http://afterglow.sf.net It’s a script that takes CSV input and creates DOT files based on a configuration that you can optionally pass into the tool. This can help with clustering, coloring, etc. The only thing you need to do is parse your data and output it in CSV format. Should be simple based on your existing ruby script.

  2. Christian says:
    26/3/2011 at 3:58 pm

    Thanks for the comment Raffy. I think for further DOT creation AfterGlow will certainly help. Perhaps then burpdot should be another Parser for AG.

    I’ll have to figure out how best to integrate this stuff cleanly, on the roadmap for sure.

Post Comment

Please notice: Comments are moderated by an Admin.

 

Powered by Wordpress
Theme © 2005 - 2009 FrederikM.de
BlueMod is a modification of the blueblog_DE Theme by Oliver Wunder