Research Academy Daily Swig
My account Customers About Blog Careers Legal Contact Resellers

PROFESSIONALCOMMUNITY

Getting started with Logger

  • Last updated: May 17, 2022

  • Read time: 3 Minutes

The Logger tab displays a log of all HTTP traffic sent between all of Burp's tools and your target websites. This includes tools or extensions that send requests automatically, such as Burp Scanner.

From here you can:

  • Study the requests sent by any of Burp's tools or extensions.
  • See the requests sent by Burp Scanner in real-time.
  • Examine the behavior of extensions.

What is the difference between Logger and the Proxy HTTP history?

The Proxy > HTTP history tab only displays traffic from Burp's browser. By default, Logger displays traffic from all the tools in Burp Suite.

To get started using the Logger tab, we recommend following the tutorial below.

For more detailed information, please see the full documentation.

Tutorial

In this tutorial, you'll learn to use the Logger tab to view requests sent by Burp Scanner and the resulting responses from target websites.

Step 1: Access the lab

Open Burp's browser and the Logger tab side by side.

Use Burp's browser to access the following URL:

https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

Click Access the lab and log in to your PortSwigger account if prompted. This opens your own instance of a deliberately vulnerable shopping website.

Logger tab and Burp's browser open side by side

Step 2: View requests on the Logger tab

The Logger tab shows details about each request that the browser makes in real-time, just like the Proxy > HTTP history tab.

On the shopping site, apply one of the category filters. Notice that doing this sends a request with a query parameter.

Selecting a category on the shopping site results in a request with a query parameter

Step 3: Audit a specific request with Burp Scanner

You can select an individual request from the Logger tab to audit using Burp Scanner.

Right-click on a request with the category query parameter, then select Do active scan.

Selecting Do active scan from the context-menu

Step 4: Examine the requests made by Burp Scanner

Burp Scanner now performs an audit using only this request.

Notice that, unlike the Proxy history, the Logger tab shows the requests that Burp Scanner makes as it performs the audit.

You can identify these from the Tool column.

Select any request to see it displayed in the message editor.

The tools column and message editor

Note

Tasks on the dashboard also have their own task-specific Logger tab. You can view this by clicking View details.

Dashboard tasks logger window

Step 5: Sort and filter the Logger tab

You can both sort and filter the log.

To sort the log, click a column header. You might find it useful to sort the log so that the most recent requests are on top.

Logger window sorted

Filter which requests are shown by clicking the View filter bar.

As well as filtering the log, you can also control which requests are logged in the first place by clicking the Capture filter bar. These settings also control how much memory the log is allowed to use, and the maximum size of requests and responses are stored.

Filter settings window and buttons

Step 6: Disable and clear the Logger history

To disable the logging of all items, click the Logging: On/Off button.

You can clear the log entirely by clicking on the trash can icon at the top right of the screen, below the Logging: On/Off button. Once cleared, the log cannot be retrieved.

Logging: On/Off button and trash can icon

Learn more about Logger

You have now had a brief overview of using the Logger tab to study requests sent by Burp Suite.

For more detailed information, please see full documentation about the Logger tab.