Are you struggling to organize your security research notes effectively? Do you dump everything onto a single page, only to waste time later searching for a crucial detail? This project is meant to fix that.
I've developed a powerful Burp Suite extension that integrates seamlessly with Obsidian, offering a structured and efficient way to take notes, track vulnerabilities, and manage your bug bounty process. This tool and methodology have been instrumental in helping me secure multiple bounties, and now I'm sharing it with you.
Key Features:
- Standardized Note-Taking Methodology: A clear structure to help you organize findings, categorize vulnerabilities, and link key information for quick access.
- Collaboration-Ready: Use third-party cloud providers to easily share notes and collaborate on security research.
- Folder and File Organization: Automatically convert Burp Suite output into an organized folder structure, making it easier to navigate through projects.
With this tool, you'll spend less time searching for details and more time discovering vulnerabilities.
General Steps
- Install Obsidian.
- Download the Obsidian vault folder from this repository (it ships with the required plugins already installed).
- Add the Obsidian Burp Suite extension to your Burp extensions.
Additional Steps for Collaboration
- Create a Proton account (or an account with any other third-party cloud provider, e.g. Dropbox or Google).
- Install the Proton Drive application.
- Purchase an Obsidian Sync subscription (~$50/year).
The methodology is to import the target's structure into your Obsidian vault. The extension adds every in-scope domain from Burp to Obsidian and updates the structure as new hosts and paths appear. In Obsidian, document everything relevant for each website path in that path's own note, and link the notable findings back to the main file, where each issue or noteworthy detail gets only a brief description. This keeps the notes organized and avoids the inefficiency of one file holding everything, so a specific detail can be retrieved quickly later.
Screenshots (not reproduced here): Root Domain (Target), Domain / Subdomains, Paths, Endpoints.
Import your target's structure into Obsidian:
- Update your web topology: open the Obsidian extension tab in Burp Suite, select your Obsidian folder (here "Bug Bounty Shared") inside Proton Drive, pick the protocol type (HTTP or HTTPS) and click "Generate". This creates the website topology in Obsidian.
- Organize your notes: At the root level of the domain, create two files:
- Daily Notes: Use this file to track what has been done and to avoid duplicating efforts. It also informs collaborators about completed tasks.
- Main Notes: This file should contain all significant observations or vulnerabilities found. Link these notes to the relevant pages and include only a brief description of the vulnerabilities or noteworthy elements discovered.
Screenshots (not reproduced here): Main Notes, Daily Notes.
This structure categorizes notes and files systematically: every path has its own note and every notable finding is one link away from the main file, so reviewing the material takes a single click instead of a search. Whether you are tracking vulnerabilities, documenting findings, or collaborating with others, the relevant information is always where you expect it.
PS: When Burp discovers additional hosts or paths, click "Generate" in the extension again; the newly discovered paths are added to the vault and the notes you have already written are left in place.
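The following is an added example, not the extension's own code, showing what the "Generate" step has to do: take a list of in-scope URLs (a constructed sample below stands in for Burp's site map), keep only hosts matching the target scope, and lay them out as Root Domain / Host / path folders / endpoint note, with "Main Notes.md" and "Daily Notes.md" at the root of each target. Every endpoint note links back to `[[Main Notes]]`, and a second run only adds what is missing, which is the behaviour the PS above relies on. The scope list, the two-label rule for the root domain, and the note template are assumptions made for the example.

```python
from pathlib import Path
from urllib.parse import urlsplit
import re
import tempfile

# Constructed sample input; in practice these come from Burp's site map.
SAMPLE_URLS = [
    "https://example.com/",
    "https://example.com/login",
    "https://api.example.com/v1/users/123?verbose=1",
    "https://api.example.com/v1/users/123",        # same endpoint, different query
    "http://static.example.com/assets/app.js",
    "https://tracker.evil.test/pixel.gif",         # out of scope, must be ignored
]
SAMPLE_SCOPE = ["example.com"]   # assumed: mirrors Burp's target scope suffixes


def in_scope(host, scope):
    """True if host is one of the scope domains or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in scope)


def root_domain(host):
    # Simplifying assumption: the registrable domain is the last two labels.
    # A real implementation should consult the public suffix list (co.uk etc.).
    return ".".join(host.split(".")[-2:])


def safe(segment):
    """Replace characters Obsidian does not accept in note names."""
    return re.sub(r'[\\/:*?"<>|#^\[\]]', "_", segment) or "index"


def note_path(vault, url, scope):
    """Map a URL to <vault>/<root domain>/<host>/<path folders>/<endpoint>.md,
    or None when the host is out of scope. The query string is ignored, so
    /users/123?a=1 and /users/123?b=2 share one note."""
    u = urlsplit(url)
    host = u.hostname or ""
    if not in_scope(host, scope):
        return None
    parts = [p for p in u.path.split("/") if p]
    folders = [safe(p) for p in parts[:-1]]
    leaf = safe(parts[-1]) if parts else "index"
    return Path(vault, root_domain(host), host, *folders, leaf + ".md")


ENDPOINT_NOTE = """---
url: {url}
protocol: {scheme}
---
# {host}{path}

Document observations for this endpoint here and link the significant ones
from [[Main Notes]].
"""


def generate(vault, urls, scope):
    """Create whatever is missing and return the files written this run.
    Existing notes are never touched, so re-running after Burp has found
    new paths only adds the new ones."""
    vault = Path(vault)
    written = []
    for url in urls:
        note = note_path(vault, url, scope)
        if note is None:
            continue
        u = urlsplit(url)
        root_dir = vault / root_domain(u.hostname)
        # The two root-level files every target gets.
        for name in ("Main Notes.md", "Daily Notes.md"):
            f = root_dir / name
            if not f.exists():
                f.parent.mkdir(parents=True, exist_ok=True)
                f.write_text("# " + name[:-3] + "\n", encoding="utf-8")
                written.append(f)
        if note.exists():
            continue
        note.parent.mkdir(parents=True, exist_ok=True)
        note.write_text(ENDPOINT_NOTE.format(url=url.split("?", 1)[0],
                                             scheme=u.scheme,
                                             host=u.hostname,
                                             path=u.path or "/"),
                        encoding="utf-8")
        written.append(note)
    return written


def demo():
    """Run generate() twice on the sample data in a scratch vault and return
    (files written on the first run, files written on the second run, vault)."""
    vault = tempfile.mkdtemp(prefix="obsidian-vault-")
    first = generate(vault, SAMPLE_URLS, SAMPLE_SCOPE)
    second = generate(vault, SAMPLE_URLS, SAMPLE_SCOPE)
    return first, second, vault


if __name__ == "__main__":
    first, second, vault = demo()
    for f in first:
        print(Path(f).relative_to(vault).as_posix())
    print(f"second run wrote {len(second)} files")
```

Running the script prints the six files created on the first pass (the two root-level notes, `index.md` and `login.md` under `example.com/example.com/`, `v1/users/123.md` under `api.example.com/`, and `assets/app.js.md` under `static.example.com/`) and reports that the second pass wrote nothing; the tracker host never appears because it fails the scope check.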
To use Obsidian collaboratively, first decide whether your collaborator needs to create new files or contribute to the website mapping. If not, simply share the vault through Obsidian Sync (refer to the Obsidian documentation for details). If they do, share the vault folder itself as described next.
The concept is straightforward: upload the Obsidian folder to a third-party cloud provider that exposes it through a file explorer (e.g. Proton Drive, which offers a free plan) and give your collaborator access to it. Both of you then write directly into the same Obsidian vault, which is especially useful when your collaborator discovers subdomains or paths you have not found, since they can add them straight into the shared folder. Treat the vault as sensitive: it will hold scope details, credentials and proof-of-concept payloads, so grant access with the provider's own sharing or invite feature rather than handing out the account password, and keep the Obsidian Sync end-to-end encryption password out of the vault itself.
For seamless collaboration, you must purchase an Obsidian Sync subscription (~$50/year). I've tried various third-party tools, but none offer the same level of encryption and affordability that Obsidian provides.
Screenshots (not reproduced here): File Owner, Invited Collaborator.
Please note that this configuration uses Proton Drive, but Dropbox, Google Drive or another provider works the same way.
To invite your collaborator, open Obsidian's settings, select "Sync", then "Manage", and send them an invitation to join your shared vault.
This lets every collaborator contribute to the target's topology and share their findings in one place.
If you have any questions, suggestions, or issues regarding the roadmap or this repository, feel free to open an issue or reach out to me via Discord.