Logger++

Logger++ is an extension for Burp Suite, designed as a replacement to the proxy history tab with added functionality. Requests and responses from all Burp Suite tools can be logged in real time. Where these can be filtered, or highlighted, with user-defined rules using a custom query language.

Documentation on the full query language can be found here.

Log Filters

One of the biggest advantages of Logger++ is the ability to quickly search the logs using advanced queries.

Suppose you’ve found a request that’s using a suspicious parameter, and want to figure out where it has come from. A simple query such as the one below will show only the results which match the rule, helping to find its origin.

response.body CONTAINS "suspiciousValue"

Or maybe you’ve found a POST endpoint on an app which doesn’t require a csrf token and want to find other endpoints who also don’t require a token?

request.method == "POST" AND !(request.body CONTAINS "csrf")

Filters can be combined using the logical operators AND, OR, XOR and can be negated using the NOT keyword to create complex queries. However, to prevent ambiguity, AND, OR, XOR cannot be combined without using parenthesis to ensure proper parsing.

request.body CONTAINS "a" OR request.method == "POST" AND request.body CONTAINS "b"

 request.body CONTAINS "a" OR (request.method == "POST" AND request.body CONTAINS "b")

Color Filters

Most of the time, you’ll want to see all requests which are being made by an application. While log filters restrict the table to only the matching entries, Color Filters can be used to highlight the entries which match a defined rule.

For example, I almost always have two browsers opened on an app. Each one with a different user account for testing access controls. Each browser has a custom user-agent set, and a different colored theme.

Color Filters can then be defined within Logger++ to highlight each of the requests from the Burp proxy tool, based on the originating browser as below.

Logger++

Log Filters

Color Filters

Download