It wasn’t until after I’d pushed the 0.1 version of burpdot up to git when I remembered secviz.org. If you haven’t checked it out you certainly should, it’s a great portal for people to share visualisations of log analysis/mining, in particular those related to security. I pinged Raffy, who maintains the site, on twitter, and he reminded me of Afterglow, a perl tool that he maintains which facilitates the process of generating graphs. The power of Afterglow comes from it’s powerful color properties file and plethora of options. So it made perfect sense for burpdot to be modified to output simple CSV files, which could then be consumed and processed with Afterglow.
A simple example:
# ./burpdot.rb -i burplogfile.log -m csv | ./afterglow.pl -t -c burp.properties | neato -v -Tpng -Goverlap=orthoyx -o burp.png
Update: Forgot to give epic big ups to Dave who helped get the label wrapping Perl Fu working in the burp.properties file!
Tags: browser, burp, burpdot, development, Security, security assessment, visualisation, web application