Burp Suite User Forum

Login to post

Burps builtin Logger logs at the wrong location

floyd | Last updated: Jun 22, 2022 07:19AM UTC

Hi there, Author of https://www.pentagrid.ch/en/blog/teaching_burp_a_new_http_transport_encoding/ here. Have you read that blog post? Please have a look at the Diagram at https://www.pentagrid.ch/images/202204_burp_handling_of_messages.png . I think Burp's builtin Logger logs requests perfectly fine (how they are sent to the server). However, I don't think it is logging the responses correctly. Logger logs the responses before they are edited by extensions in the processProxyMessage. That means you'll see responses in a in-between state and not what is *really* received by the browser. Is this working as intended? I think it would be way more intuitive if we see what the server and browser receive in the logger. Btw. the Logger++ extension does this correctly. I was thinking about this again because you say Logger++ has a "high" performance impact and therefore I'd like to replace it with the builtin Logger in some cases. But in the current state I can't rely on the builtin Logger.

Hannah, PortSwigger Agent | Last updated: Jun 23, 2022 02:19PM UTC

Hi. We have read your blog post, and your mapped-out process is accurate to the order of events in Burp. The placement of the Logger in the sequence is by design. It is a window into outbound requests initiated by Burp. The Logger is designed to provide a window into outbound network traffic from Burp. Conversely, the Proxy History shows the requests and responses sent over connections initiated to Burp. By design, these are separate as they relate to traffic sent over connections initiated to Burp (Proxy History) versus traffic sent over connections initiated by Burp (Logger).

You need to Log in to post a reply. Or register here, for free.