Skip to content Skip to footer

Burpsuite for Pentester: Logger++

A powerful Burp extension called “Burp Logger++.” It is a robust tool that acts as a super detective for websites, always looking for hidden issues or problems. Burp Logger++ is an additional feature that can be added to Burp, and experts widely use it to detect website problems.

Imagine you are a explorer and want to know everything about a website. In that case, Burp Logger++ is your trusty notebook, always ready to assist you. This tool is even more helpful because its magical filter allows you to search for specific information and only displays those results.

With Burp Logger++, you can also color-code items, similar to using different colors to highlight the most critical parts of an image. This feature helps you quickly spot the important stuff.

Setting up and navigating Burp Logger++ is relatively easy. You can download and install the extension from the BApp Store. To do this, go to Extensions > BApp Store and search for Logger++ or scroll down to find it. Click on it, and on the right side, scroll down, and install it. After a successful installation, it will appear on the toolbar.

Once installed, many options will become visible to you. First, explore the “Options” tab to discover what advanced settings this extension includes. Navigate to “Options” to see the various log filter options. It allows you to customize the logging settings as per your preference. By default, Logger++ is running, but you can configure other necessary settings, such as the Log Filter and Log From settings.

To capture logs for credentials, you can enter test login details and browse through the website. For example, go to Signup, enter the test login details (username: test, password: test), and click “Login.” You can update more information to capture additional requests for further analysis.

Magical filters are an essential part of Burp Logger++. These filters allow you to view or manipulate HTTP requests and responses selectively. They help you focus on specific aspects of the traffic and are especially useful during security testing. The working is based on the query string, which accepts a logical query and returns the output based on it.

You have some advanced choices with the filter options, such as Entry, Request, and Response. Entry lets you apply filters according to number, tool, tags, InScope, and other criteria. The Request enables you to filter just the Request itself using many options such as header, body, URL, Method, parameters, cookies, etc. Response lets you filter the response using various options such as header, body, Inferred Type, Method, Parameters, cookies, etc.

Suppose you want to view HTTP POST requests from all logs. In that case, you can go to the filter bar, right-click, select Request, and select Method. Then, the Method has been chosen and is visible in the filter bar. Next, enter Request. Method == “POST” and hit enter. As a result, only HTTP POST Method requests will appear.

There are many other filters that you can use depending on your requirements. For instance, JSON Injection allows you to check only for JSON requests, while Injection Attack enables you to check for HTML, XML, and JSON. Additionally, you can also use filters for Sensitive File Exposed, Sensitive Path Exposed, Sensitive Parameter in Query String, Sensitive Parameter in Request, Server Information Disclosed, CORS Misconfiguration, Check for CSRF Token, Missing Robots.txt, and URL Redirection.

We can use the saved or pre-configured filters from the library directly with the help of the Filter Library. When you start te

Leave a comment

Newsletter Signup
Address

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

Shall we play a game?Joshua

Deitasoft © 2024. All Rights Reserved.