hvqzao / burp-flow Goto Github PK
View Code? Open in Web Editor NEWExtension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
License: MIT License
Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
License: MIT License
When I'm running a scan with 10-30 threads sending HTTP requests, enabling Flow causes a dramatic speed slow-down, to the point where it takes Burp repeater about 5 seconds to get a response from a server that usually takes ~20ms.
As the slowdown is so severe, I think this is probably caused by a locking/synchronisation problem, rather than CPU/RAM issues.
Hi, i noticed that very long reflection tooltips are prone to hang the whole BurpSuite interface completely and there is no way to recover anything when this happens, so kill -9
is the only way to terminate it.
This ofter happens when using the ParamMiner extension, where lot of reflections can be triggered at once.
Is there a way to disable them?
The extension uses "Pattern.quote" to turn the search input into a quoted string, which java regex library treats as a string literal. Because of this, searches are for strings, and searching by regex is impossible.
Ideally would have a toggle to switch between string literal and regex like the Burp proxy history view, but should at least remove the reference to regex in the UI to limit confusion.
if (flowFilterSearchCaseSensitive.isSelected()) {
found = Pattern.compile(Pattern.quote(text)).matcher(req).find() || Pattern.compile(Pattern.quote(text)).matcher(resp).find();
} else {
found = Pattern.compile(Pattern.quote(text), Pattern.CASE_INSENSITIVE).matcher(req).find() || Pattern.compile(Pattern.quote(text), Pattern.CASE_INSENSITIVE).matcher(resp).find();
}
#8
The starting of the each request marked as flow in a color, if it could be in a different color based on cookie or the time would be much better.
Thanks
Hey Mate,
Great tool!!
Would it possible to store the data in the burp file, similar to the HTTP Proxy History? It will help a lot during the testing. As of now, when I reopened the burp old data is not visible.
THanks
Found a typo in the README.md file.
The affected sentence is the following:
This simple extension provides Proxy-like view with along with search filter capabilities for all Burp sources. Some users might find Parameters count table column handy.
duplicate with should be removed.
This simple extension provides Proxy-like view
withalong with search filter capabilities for all Burp sources. Some users might find Parameters count table column handy.
Professional v2021.12-10792 (early adopter) on Ubuntu 21.10
Include an advanced filter to filter by specific status code for both history. Also filters such as content lenght or if what I want to look for is in the request or in the response, or or the request verb. having only regex is impractical. add the woff/2 & ttf to the hide and more filters by extension. My idea is that it resembles the burp proxy history as much as possible. so have burp pro improvements in burp community but with more utilities.
Example of fields
specific status code: 201,203,404
specific content length: 311,102,412
[bytes] # with reverse searchcontent length greater than: 1000
[bytes] # with reverse searchMethod: POST,GET
# with reverse search [X] Request
[ ] Response
additional notes: It could be useful to have a basic language of comparisons, for example that of bash: eq, lt, ne, gt, etc.
I've noticed many times even with rebooting machine, closing and re-opening Burp Suite that if you try to remove single or groups of entries in Flow after selecting and removing them from scope, the extension freezes up and clicking anywhere does nothing. Sometimes, it even changes the graphics in the viewing window.
Please let me know if you have some suggestions to remedy. I've given up trying to remove URL's/entries from scope and deleting them (to filter out non-essential entries) and just started using target > scope instead to prevent anything else from showing up.
Tested with flow 1.03 and flow 1.04:
When in the flow tab, one can click all columns header to sort the results. However it looks like some columns such as "Length", "Parameters" and "Count" do not seem to be sortable at all. Other headers like "MIME" seems to only work some times (e.g. when one has sorted it by another column beforehand)
Hi
add export and restore function in the flow extension
Flow does not show the request-response while platform authentication + Socks proxy is configured.
Steps to reproduce
User options -> Connections -> Socks Proxy: Enable and configure it.
User options -> Connections -> Platform Authetication: Enable and configure it. Type: NTLMv2
Start a scan or make any request.
Expected result:
Flow is not able to show the fields: Status, Lenght, and MIME.
Flow shows the request only(left side), the request-response(right side) will be empty.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.