PESD Exporter - Burp Suite Extension

Generate security-oriented sequence diagrams and fine-grained parsed traffic from Burp Suite Proxy history.

This extension is based on the Proxy Enriched Sequence Diagrams (PESD) format. Discover the format here and read the launch post on our doyensec blog.

The exporter handles Burp Suite Proxy's traffic conversion to PESD format and offers the possibility to execute templates that will enrich the resulting exports.

Extension UI

Select and send specific traffic entries from Burp Suite Tabs to the Exporter tab
Specify a mode of operation for the export. Supported modes :
- Domains as Actors - Each domain involved in the traffic is represented as an actor in the diagram. Suitable for multi-domain flows analysis
- Endpoints as Actors - Each endpoint (path) involved in the traffic is represented as an actor in the diagram. Suitable for single-domain flows analysis
Configure the flags set that will be matched in the generation of the sequence diagram. Read about flags in the format definition page, section "Base Diagram Syntaxes"
Select the templates that will be executed on the resulting export. Read more about templates in the following section
Auto-Export. Checked by default, sending items to the extension will directly result in a export. User is redirected to the Browser view and the items are cleaned after the export within the extension

Export Capabilities

Expandable Metadata. Underlined flags can be clicked to show the underlying metadata from the traffic in a scrollable popover
Masked Randoms in URL Paths. UUIDs and pseudorandom strings recognized inside path segments are mapped to variable names <UUID_N> / <VAR_N>. The re-renderization will reshape the diagram to improve flow readability. Every occurrency with the same value maintains the same name
Notes. Comments from Burp Suite are converted to notes in the resulting diagram. Use <br> in Burp Suite comments to obtain multi-line notes in PESD exports
Save as :
- Sequence Diagram in SVG format
- Markdown file (MermaidJS syntax),
- Traffic metadata in JSON format. Read about the metadata structure in the format definition page, "exports section"

Extending the diagram, syntax and metadata with Templates

By default, a generic diagram follows the basic PESD syntax . PESD Exporter supports syntax and metadata extension via templates execution.

What is a Template?

Templates are iterations that occur on the basic PESD object in order to enrich its content by:

Adding new Flags or modifying existing ones
Framing sections of the resulting diagram. Read about MermaidJS Alt Syntax.
Enriching the metadata with new findings

Approach Idea : Users can leverage this extensibility to parse metadata and markdown in order to add new value in both of them by adding new logic.

Currently Implemented Templates

The Extension currently supports the following templates :

OAuth2 / OpenID Connect. The template matches standard OAuth2/OpenID Connect flows and adds related flags + flow frame. Oauth2 supported flows : Implicit Grant and Code Grant. OpenID supported flows : Code Grant, Implicit Grant and Hybrid flow. Respectively based on rfc6749 and openid-connect-core-1_0
SAML SSO. The template matches Single-Sign-On flows with SAML V2.0 and adds related flags + flow frame. Based on SAML V2.0 , supported flows:
- SP-initiated SSO using a Redirect Binding for the SP-to-IdP message and a POST Binding for the IdP-to-SP message
- SP-initiated SSO using a POST Binding for the message and an Artifact Binding for the message
- IDP-initiated SSO using a POST Binding for the IdP-to-SP message; no SP-to-IdP message is involved.