Friday, October 25, 2013

Better support for importing Burp Suite Log and Export files in IronWASP v0.9.7.2

IronWASP v0.9.7.2 is now available for download. Users of older versions should get an update prompt when using IronWASP.

With this release you get:
1) A better JSON parser
2) Better support for handling binary data in JSON, XML and Multipart
3) A faster and more responsive rendering of response body when the 'Render' link is clicked

The most important new addition, however, is support for importing Burp Suite export files.
IronWASP has always been able to import Burp Suite log files; the image below shows how logging can be turned on in Burp Suite.


With the new version you can import Burp Suite export files as well.
You can export Burp Suite logs to an XML file using the option shown in the image below.



Once exported you can make use of the import feature of IronWASP to load the XML file.



But what's the benefit?

Why would you want to import Burp Suite files into IronWASP? Some of the benefits are listed below:


1) Passive Vulnerability Analysis

As soon as you import the logs, IronWASP performs passive vulnerability analysis and reports a bunch of issues.


2) Automated Vulnerability Scanning

IronWASP also builds a sitemap from the imported log. You can right-click on the sitemap and scan all or some of the items there.

Or you can pick a single request and perform a vulnerability scan. The nice thing about IronWASP is that you can get very precise with your scans: if you like, you can scan just one parameter of one request for a specific vulnerability check.



The scan creation wizard gives options to scan for most of the well-known vulnerabilities. After the scan is done you can even perform anomaly-based vulnerability detection on the scan logs.

3) Searching and analysing imported logs

You can perform a keyword- and filter-based search of the logs. From the search results you can pick a bunch of logs and use IronWASP's 'Parameter Manipulation' feature to automatically test for CSRF, hidden parameter guessing, privilege escalation and other access control issues.


4) Scripting

IronWASP's USP is its unrivalled scripting integration. You can access and analyse the imported logs in both Ruby and Python.

Want to perform a custom passive analysis of the traffic, or write your own fuzzer to fuzz some of the requests in the logs? Feel free. Open the 'Script Creation Assistant' and you will be on your own in no time.
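As an added example of the kind of custom passive analysis mentioned here (this is not IronWASP's own code or scripting API), the script below works directly on a Burp Suite XML export like the one imported above: it decodes each item's request and response and flags Set-Cookie headers that lack the HttpOnly or Secure attribute. The element layout and the base64="true" attribute are assumptions about the export format, and the sample export is constructed.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample traffic (not captured from any real site).
REQUEST = b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"
RESPONSE = (b"HTTP/1.1 200 OK\r\nSet-Cookie: session=abc123; Path=/; HttpOnly\r\n"
            b"Set-Cookie: prefs=dark; Path=/\r\nContent-Length: 0\r\n\r\n")

# Assumed shape of a Burp Suite XML export: one <item> per exchange, with
# <request>/<response> marked base64="true" when the bytes are base64-encoded
# (which is how binary bodies survive the XML round trip).
SAMPLE_EXPORT = """<items><item><url>http://example.test/login</url>
<request base64="true">%s</request>
<response base64="true">%s</response></item></items>""" % (
    base64.b64encode(REQUEST).decode(), base64.b64encode(RESPONSE).decode())


def _decode(elem):
    """Return the raw bytes of a <request> or <response> element."""
    if elem is None or elem.text is None:
        return b""
    if elem.get("base64") == "true":
        return base64.b64decode(elem.text)
    return elem.text.encode("latin-1")


def parse_export(xml_text):
    """Yield one dict per <item> with the decoded request and response."""
    for item in ET.fromstring(xml_text).iter("item"):
        yield {"url": item.findtext("url", ""),
               "request": _decode(item.find("request")),
               "response": _decode(item.find("response"))}


def weak_cookies(response):
    """List (cookie name, missing flags) for Set-Cookie headers lacking HttpOnly/Secure."""
    head = response.split(b"\r\n\r\n", 1)[0]
    findings = []
    for line in head.split(b"\r\n"):
        if not line.lower().startswith(b"set-cookie:"):
            continue
        parts = [p.strip() for p in line.split(b":", 1)[1].split(b";")]
        name = parts[0].split(b"=", 1)[0].decode("latin-1")
        attrs = {p.lower() for p in parts[1:]}
        missing = [f for f in ("httponly", "secure") if f.encode() not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


def scan_export(xml_text):
    """Run the passive cookie check over every exchange in the export."""
    return [(e["url"], name, missing) for e in parse_export(xml_text)
            for name, missing in weak_cookies(e["response"])]
```

Call scan_export() on the text of a real export file to get one finding per cookie per response; the same loop is the place to plug in any other passive check on the decoded bytes.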

5) Reporting

IronWASP comes with a reporting engine that creates reports in both HTML and RTF formats. You can easily generate reports of the newly identified vulnerabilities.



6) Reloading the logs

Once you import the Burp Suite logs, a new IronWASP project is created from them. So if you close IronWASP, the next day you can reload the project file and continue from the exact place you left off. All logs and vulnerabilities are stored in the project file and are completely reloaded.

This new version also has a new feature added to the Scripting API called 'BruteForcer'. The next blog post will show how this feature can be used.