Professional / Community Edition
Working with Burp Logger entries
Last updated: June 18, 2024
All HTTP traffic is recorded in the Logger tab, up to a specified limit of allocated memory.
To disable or enable the logging of all items, click the Logging: On/Off button. You can also clear the log: click the Clear log trash icon. Once cleared, the log cannot be retrieved.
Burp Logger has a range of functions to help you view and analyze a large number of results.
Viewing log entries
Key details of log entries are displayed in a table. To reorder and resize columns, click and drag the column headers and borders.
To select which columns are displayed, click and select Table layout.
Adding a custom column
You can create your own custom columns using Bambdas.
Custom columns enable you to see more detail about the items that have been logged for a more focused analysis of what's important to you.
Two objects of the Montoya API are available to help you write these Bambdas:
- LoggerHttpRequestResponse
- Utilities
To create a custom column for your Logger table:
In Logger, click the options menu > Add custom column. The Add custom column window opens.
Enter a name for your custom column in the Column header field.
Write a Bambda to specify the data that the custom column displays.
Example Bambda
In the example below, we'll write a Bambda to create a custom column containing the Server header value of the response.
if (!requestResponse.hasResponse()) {
    return "";
}
var response = requestResponse.response();
return response.hasHeader("Server")
    ? response.headerValue("Server")
    : "";
Connection ID
The Connection ID column identifies which requests were sent over the same connection. Each connection is identified by a different number.
This enables you to detect if a website behaves differently, based on previous requests sent down the same connection.
Viewing requests and responses
You can view the request and response for each entry in the message editor and Inspector. Click on an entry to view these. They are read-only.
You can customize and sort the table contents. For more information, see Customizing Burp's tables.
Filtering Logger entries
You can choose which types of items Logger captures and displays. This enables you to focus your work on interesting messages, and control how much memory Logger uses.
To see how these functions work in practice, follow the tutorial in Getting started with Burp Logger.
There are two types of filter in Logger:
Capture filter
Use the capture filter to control which types of items Logger captures. You can set a capture filter using predefined options in Settings mode, or create an advanced Java-based capture filter using Bambda mode.
Items that are not captured will be discarded from Logger. Burp can't retrieve these items even if the capture filter is removed.
To learn more, see Burp Logger capture filter.
View filter
Use the view filter to control which captured items Logger displays. You can set a view filter using predefined options in Settings mode, or create an advanced Java-based view filter using Bambda mode.
Items that are not displayed because of view filter settings can be viewed by removing the view filter.
To learn more, see Burp Logger view filter.
Annotating log entries
You can annotate log entries for later attention:
- To highlight an entry, click in the # column and choose a color from the drop-down menu.
- To leave a comment on an entry, double-click on the Comment column.
Logger workflow tools
You can use the context menu to perform further actions on any log entry as part of your workflow. For example, you can send a request to other Burp tools, such as Organizer and Intruder. You can also export log entries as a CSV file; see below for more information.
Export log entries as CSV
To export log entries as a CSV file, select the relevant entries in the table, right-click and select Export as CSV. The whole table is exported if you select zero entries or one entry.
When exporting entries in CSV format, Logger encodes certain data as follows:
- Date times are represented in ISO 8601 format with UTC offset: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'.
- Binary data (for example, HTTP/2 requests and responses) are represented as Base64 encoded strings.
- Any data that contains a comma is escaped by wrapping the data in double quotes. For example, a,b will become "a,b".
- Any data containing double quotes is escaped by an additional double quote. For example, "a" will become """a""".
- Any data starting with -, +, = or @ is escaped for Excel by prefixing a single quote (').
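The following Python sketch reads an exported file back in and reverses each of the encodings listed above. It is an added example, not part of Burp or its documentation: the column names (Time, Host, Comment, Request), the choice of which column holds Base64 data, and the sample rows are all constructed assumptions, so check them against the header row of a real export.

```python
import base64
import csv
import io
from datetime import datetime, timezone

# Constructed sample export. Column names are assumptions for illustration;
# a real export's header row may differ.
SAMPLE_CSV = (
    "Time,Host,Comment,Request\r\n"
    "2024-06-18T09:15:02.123Z,https://example.test,'@todo retest,R0VUIC8gSFRUUC8yDQo=\r\n"
    '2024-06-18T09:15:03.456Z,https://example.test,"said ""ok"", then retried",\r\n'
)

EXCEL_TRIGGERS = ("-", "+", "=", "@")


def unescape_cell(value):
    """Drop the single quote prefixed to data starting with -, +, = or @.

    A value that genuinely began with a quote followed by one of these
    characters cannot be told apart from an escaped one.
    """
    if len(value) > 1 and value[0] == "'" and value[1] in EXCEL_TRIGGERS:
        return value[1:]
    return value


def parse_logger_csv(text, time_col="Time", base64_cols=("Request",)):
    """Return rows as dicts with typed timestamps and decoded binary columns."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text, newline="")):
        # The csv module has already undone the comma and double-quote escaping.
        # Base64 may start with '+', so unescape before decoding.
        row = {key: unescape_cell(val) for key, val in raw.items()}
        row[time_col] = datetime.strptime(
            row[time_col], "%Y-%m-%dT%H:%M:%S.%fZ"
        ).replace(tzinfo=timezone.utc)
        for col in base64_cols:
            row[col] = base64.b64decode(row[col], validate=True) if row[col] else b""
        rows.append(row)
    return rows
```

Stripping the leading quote removes the spreadsheet safeguard, so keep unescaped values out of anything that will be reopened in Excel.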