Making ElasticBurp run

ElasticBurp depends on ancient versions of Elasticsearch and Kibana, which you can still find as Docker images. Be warned: this configuration is a RAM monster.

docker pull
docker run -p 9200:9200 -p 9300:9300

For later use we need the Elasticsearch container id. You can get it with the command

docker ps

Let's get the Kibana Docker image

docker pull

With the container id which you noted down before (without quotes):

docker run --link "es_container_id":elasticsearch -p 5601:5601

docker run --link 5d2b8da5db2c:elasticsearch -p 5601:5601

Install ElasticBurp from the BApp Store.

Find it in ~/.BurpSuite/bapps/ and edit the ES_host value -> ES_host = "elastic:changeme@localhost"

From Burp Suite -> Extender -> Extensions -> find ElasticBurp, disable it, then enable it again so the new ES_host value is picked up.

Open http://localhost:5601 in your browser for Kibana -> username: elastic, password: changeme

Create an index pattern -> wase-burp

Search for all POST requests that don’t contain a CSRF token by issuing the following query:

request.method:POST -request.parameternames.raw:"csrftoken"
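The same "POST without a CSRF token" check, as an added example that is not part of the original post or of ElasticBurp itself. It expresses the Kibana query above as an Elasticsearch query DSL body (for use with the REST API instead of the Kibana search bar), and applies the identical logic locally to a handful of constructed documents shaped like ElasticBurp records so the filter can be sanity-checked offline. It goes slightly beyond the post by accepting a set of token parameter names rather than just "csrftoken". The document shape, the sample URLs and the helper names are assumptions; the field names `request.method` and `request.parameternames.raw`, the index name `wase-burp` and the `elastic:changeme` credentials come from the post.

```python
"""Added example: POST requests lacking a CSRF token, as an ES query and a local filter."""
import base64
import json
import urllib.request

# Constructed sample documents approximating ElasticBurp's index records.
# Only the fields the query touches are modelled; this is not a real index dump.
SAMPLE_DOCS = [
    {"request": {"method": "POST", "url": "https://app.example/login",
                 "parameternames": ["username", "password"]}},
    {"request": {"method": "POST", "url": "https://app.example/transfer",
                 "parameternames": ["amount", "to", "csrftoken"]}},
    {"request": {"method": "GET", "url": "https://app.example/profile",
                 "parameternames": ["id"]}},
    {"request": {"method": "POST", "url": "https://app.example/logout",
                 "parameternames": []}},
]

DEFAULT_TOKEN_NAMES = ("csrftoken",)  # the post's query; extend with your app's name


def build_es_query(token_names=DEFAULT_TOKEN_NAMES, method="POST"):
    """Query DSL equivalent of: request.method:POST -request.parameternames.raw:"csrftoken".

    The post's query targets the .raw sub-field, i.e. an exact (not analyzed)
    match on the parameter name, so the exclusion uses a terms filter on it.
    """
    return {
        "query": {
            "bool": {
                "filter": [{"term": {"request.method": method}}],
                "must_not": [{"terms": {"request.parameternames.raw": list(token_names)}}],
            }
        },
        "_source": ["request.method", "request.url", "request.parameternames"],
    }


def posts_without_token(docs, token_names=DEFAULT_TOKEN_NAMES, method="POST"):
    """Apply the same filter locally; returns the URLs of matching requests."""
    hits = []
    for doc in docs:
        req = doc.get("request", {})
        if req.get("method") != method:
            continue
        names = req.get("parameternames") or []
        if not any(name in names for name in token_names):
            hits.append(req.get("url"))
    return hits


def fetch_hits(es_url="http://localhost:9200", index="wase-burp",
               user="elastic", password="changeme", query=None):
    """Run the query against a live Elasticsearch (assumed reachable); not used offline."""
    body = json.dumps(query or build_es_query()).encode()
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{es_url}/{index}/_search",
        data=body,
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {creds}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["hits"]["hits"]


if __name__ == "__main__":
    print(json.dumps(build_es_query(), indent=2))
    for url in posts_without_token(SAMPLE_DOCS):
        print("POST without CSRF token:", url)
```

Only the local filter runs without a live stack; `fetch_hits` is there to show how the same DSL body is sent to the Elasticsearch container the post sets up. A request that carries its CSRF token somewhere other than a parameter name (for instance in a header) would still show up as a hit, so treat the result as a triage list rather than a finding.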

Check out this post and this one for more advanced queries.