# Introducing Proxy Enriched Sequence Diagrams (PESD) - Posted by Francesco Lacerenza

PESD Exporter is now public! We are releasing an internal tool to speed up testing and reporting efforts in complex functional flows. We're excited to announce that PESD Exporter is now available on Github.

Modern web platform design involves integrations with other applications and cloud services to add functionality, share data and enrich the user experience. The resulting functional flows are characterized by multiple state-changing steps with complex trust boundaries and responsibility separation among the involved actors. In such situations, web security specialists have to manually model sequence diagrams if they want to support their analysis with visualizations of the whole functionality logic. We all know that constructing sequence diagrams by hand is tedious, error-prone, time-consuming and sometimes even impractical (dealing with more than ten messages in a single flow).

Proxy Enriched Sequence Diagrams (PESD) is our internal Burp Suite extension to visualize web traffic in a way that facilitates analysis and reporting in scenarios with complex functional flows.

## Meet The Format

A Proxy Enriched Sequence Diagram (PESD) is a specific message syntax for sequence diagram models, adapted to carry enriched information about the represented HTTP traffic. The MermaidJS sequence diagram syntax is used to render the final diagram.

While classic sequence diagrams for software engineering are meant for an abstract visualization, where all the information is carried by the diagram itself, PESD is designed to include granular information about the underlying HTTP traffic in the form of metadata. The Enriched part of the format name originates from this diagram-metadata linkability: the HTTP events in the diagram are marked with flags that can be used to access the specific information from the metadata. As an example, URL query parameters will be found in the arrow events as UrlParams, expandable with a click.

The format provides:

- visual analysis, especially useful for complex application flows in multi-actor scenarios where the listed proxy view is not suited to visualize the abstract logic;
- tester-specific syntax to facilitate the analysis and overall readability;
- parsed metadata from the web traffic to enable further automation of the analysis;
- usability for reporting purposes, such as documentation of current implementations or Proof of Concept diagrams.

The extension handles Burp Suite traffic conversion to the PESD format and offers the possibility of executing templates that will enrich the resulting exports. Currently, two modes of operation are supported:

- Domains as Actors - Each domain involved in the traffic is represented as an actor in the diagram.
- Endpoints as Actors - Each endpoint (path) involved in the traffic is represented as an actor in the diagram. Suitable for single-domain flow analysis.

Once loaded, sending items to the extension will directly result in an export with all the active settings.

## Expandable Metadata

Underlined flags can be clicked to show the underlying metadata from the traffic in a scrollable popover.

UUIDs and pseudorandom strings recognized inside path segments are mapped to variable names. Every occurrence of the same value keeps the same name. The re-rendering reshapes the diagram to improve flow readability.

Comments from Burp Suite are converted to notes in the resulting diagram. Use in Burp Suite comments to obtain multi-line notes in PESD exports.
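To make the conversion concrete, here is a small, hypothetical converter added as an example (not the extension's own code) that turns a constructed list of proxied HTTP events into a MermaidJS sequence diagram with the properties described above: actors chosen per mode (domains or endpoints), UUID/pseudorandom path segments replaced by stable variable names, a UrlParams flag on arrows that link to a metadata table, and Burp comments rendered as notes. The event structure, the `{varN}` naming and the token heuristic are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Assumed recognizers: RFC 4122-shaped UUIDs and long opaque tokens in a path segment.
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{20,}$")

@dataclass
class HttpEvent:            # hypothetical shape of one proxied request/response pair
    method: str
    host: str
    path: str               # path without query string
    status: int
    query: dict = field(default_factory=dict)
    comment: str = ""       # Burp Suite comment, rendered as a note

def mask_path(path, names):
    """Replace UUID/pseudorandom segments with {varN}; the same raw value
    always maps to the same name, so repeated identifiers stay linkable."""
    out = []
    for seg in path.split("/"):
        if UUID_RE.match(seg) or TOKEN_RE.match(seg):
            seg = names.setdefault(seg, f"{{var{len(names)}}}")
        out.append(seg)
    return "/".join(out)

def to_pesd(events, mode="domains"):
    """Return (mermaid_text, metadata); metadata[i] holds the parsed data
    behind event i, which the UrlParams flag on the arrow points at."""
    names, actors, meta = {}, {}, {}
    lines = ["sequenceDiagram", "    participant C as Client"]
    for i, ev in enumerate(events):
        masked = mask_path(ev.path, names)
        label = ev.host if mode == "domains" else masked   # actor selection per mode
        if label not in actors:
            actors[label] = f"A{len(actors)}"
            lines.append(f"    participant {actors[label]} as {label}")
        a = actors[label]
        flag = " [UrlParams]" if ev.query else ""           # flag only when metadata exists
        meta[i] = {"UrlParams": dict(ev.query), "host": ev.host, "path": ev.path}
        lines.append(f"    C->>{a}: {ev.method} {masked}{flag}")
        if ev.comment:
            lines.append(f"    Note over C,{a}: {ev.comment}")
        lines.append(f"    {a}-->>C: {ev.status}")
    return "\n".join(lines), meta

# Constructed sample traffic (not a real capture); the same UUID appears twice.
SAMPLE = [
    HttpEvent("GET", "app.example.com", "/orders/3f2c1a8e-9d4b-4c2e-8b1a-0f6e5d4c3b2a", 200,
              {"page": "1"}, "list order"),
    HttpEvent("POST", "api.example.com", "/orders/3f2c1a8e-9d4b-4c2e-8b1a-0f6e5d4c3b2a/pay", 302),
]

if __name__ == "__main__":
    print(to_pesd(SAMPLE)[0])
```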