README.md updates

BuffaloWill · Jul 21, 2022 · 127ecc4 · 127ecc4
1 parent 8bdb2a8
commit 127ecc4
Showing 1 changed file with 41 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -27,34 +27,56 @@ burpsuite-project-file-parser is a Burp Suite extension to parse project files f
 # Example Usage
 
 Notes:
-- Flags can be combined. For example, print audit items and site map; `auditItems siteMap`
+- Flags can be combined. For example, print audit items and site map; `auditItems siteMap`; 
+  check options below for more information
 - `[PATH_TO burpsuite_pro.jar]` is required; my path is: `~/BurpSuitePro/burpsuite_pro.jar` if you need an example. 
 - `[PATH TO PROJECT FILE]` requires a project file and it's recommended to give the full path to the project file
 - You may need `--add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED` 
 depending on your version of Java
 
+## siteMap and proxyHistory
+
+The siteMap and proxyHistory flags also support sub-components to speed up parsing. They are:
+
+- request.headers
+- request.body
+- response.headers
+- response.body
+
+So, for example, to print out only the request body and headers from proxyHistory you would use:
+
+```bash
+java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] \
+  proxyHistory.request.headers, proxyHistory.request.body
+```
+
+This massively speeds up parsing as the response bodies (which can be quite large) are ignored.
+
 ## Print Audit items
 
 Use the `auditItems` flag, for example:
 
-```
-java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] auditItems 
+```bash
+java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] \
+  auditItems 
 ```
 
 ## Print site map and proxy history
 
 Combine the `siteMap` and `proxyHistory` flags to dump out all requests/responses from the site map and proxy history:
 
-```
-java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] siteMap proxyHistory 
+```bash
+java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] \
+    siteMap proxyHistory 
 ```
 
 ## Search Response Headers using Regex
 
 Use the `responseHeader=regex` flag. For example to search for any nginx or Servlet in response header:
 
-```
-java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] responseHeader='.*(Servlet|nginx).*'
+```bash
+java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] \
+    responseHeader='.*(Servlet|nginx).*'
 ...
 {"url":"https://example.com/something.css","header":"x-powered-by: Servlet/3.0"}
 {"url":"https://spocs.getpocket.com:443/spocs","header":"Server: nginx"}
@@ -66,40 +88,43 @@ java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[P
 Note, searching through a response body is memory expensive. It is recommended to store requests/responses in MongoDB and search that. 
 
 Use the `responseBody=regex` flag. For example to search for `<form` elements in response bodies:
-```
-java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] responseBody='.*<form.*'
+```bash
+java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] \
+    responseBody='.*<form.*'
 ```
 
 If you want to clean up the results to something more manageable (rather than the entire response), YMMV with a second grep pattern for the 80 characters around the match:
-```
-java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] responseBody='.*<form.*'| grep -o -P -- "url\":.{0,100}|.{0,80}<form.{0,80}"
+```bash
+java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] \
+  responseBody='.*<form.*'| grep -o -P -- "url\":.{0,100}|.{0,80}<form.{0,80}"
 ```
 
 ## Store the requests/responses to MongoDB
 
 Initialize the collections with a unique index in the db; run the following commands in mongodb:
 
-```
+```bash
 use [DATABASE NAME]
 db.urls.createIndex({url:1},{unique:true})
 db.httpResponses.createIndex({hash:1},{unique:true})
 db.httpRequests.createIndex({hash:1},{unique:true})
 ```
 
 Insert the data into the DB:
-```
-java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] storeData='localhost:27017/mydb'
+```bash
+java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] \
+  storeData='localhost:27017/mydb'
 ```
 
 # Suggestions
 
 - Use a custom User Options file (Burp > User options > Save user options) from Burp Suite with only this extension enabled. This can speed up Burp Suite loading speed because only one extension is loaded. Include the `--user-config-file` flag:
-```
+```bash
 java -jar -Djava.awt.headless=true [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] --user-config-file=[PATH TO CONFIG FILE]
 ```
 
 - Set the max amount of memory used by burp with `-Xmx` flag:
-```
+```bash
 java -jar -Djava.awt.headless=true -Xmx2G [PATH_TO burpsuite_pro.jar] --project-file=[PATH TO PROJECT FILE] 
 ```