Skip to content
/ browserbeat Public

An Elastic beat that sends browser history to an Elastic output.

License

View license
16 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MelonSmasher/browserbeat

BranchesTags

Repository files navigation

Browserbeat

Welcome to Browserbeat.

Browserbeat is a lightweight passive solution for web traffic monitoring. Browserbeat gives sysadmins the ability to monitor web traffic on managed computers without an HTTP proxy, packet capture, or DNS server logs.

Browserbeat compared to:

DNS server logs

  • Data obtained by Browserbeat is much less noisy than DNS traffic since traffic created by system services and other protocols will show up in DNS server logs.
  • You will know if the browser has visited an IP address directly.
  • You'll know the user who made the request not just the client IP
  • You'll know the web browser used to make the request
  • You'll know the operating system used to make the request

HTTP proxy

  • No need to distribute custom certs to monitor HTTPS traffic
  • You'll know the user who made the request not just the client IP
  • If Browserbeat or the output fails, the user's browsing is not interrupted like if a proxy server goes down
  • Less complexity on your network

Packet Sniffing/Capture

  • You'll know the user who made the request not just the client IP
  • Less complexity on your network
  • Depending on the method used for packet sniffing, the user's browsing is not interrupted if a component fails

Features

  • Know the user who made the request
  • Know the IP of the computer
  • Know the hostname of the computer
  • Know the requested hostname
  • Know the URL requested
  • Know the title of the website
  • Know the date & time the request was made
  • Know the host OS
  • Know the browser that made the request
  • Cross-platform support: Windows, macOS, and Linux
  • Cross-browser support: see list below
  • Output data to all of the standard Elastic Beat outputs

Browser Support

  • ✅ Chrome (All) - Done
    • ✅ Chrome Canary (Windows & macOS) - Done
    • ✅ Chrome Beta (linux) - Done
    • ✅ Chrome Dev (linux) - Done
  • ✅ Chromium (All) - Done
  • ✅ Firefox (All) - Done
  • ✅ Safari (macOS) - Done
  • ✅ Vivaldi (All) - Done
  • ✅ Opera (All) - Done
  • ✅ K-Meleon (Windows) - Done
  • ✅ Brave (All) - Done
  • ✅ Microsoft Edge - (Windows & macOS) - Done
    • ✅ Microsoft Edge Beta (Windows & macOS) - Done
    • ✅ Microsoft Edge Dev (Windows & macOS) - Done
    • ✅ Microsoft Edge Canary (Windows & macOS) - Done
  • 🆘 Microsoft Edge Legacy - Uses an ESE database anyone know of an ESE DB library for go?
  • 🆘 IE 11 - Uses an ESE database anyone know of an ESE DB library for go?

Feel free to suggest more browsers.

Development

Ensure that this folder is at the following location: ${GOPATH}/src/github.com/MelonSmasher/browserbeat

Getting Started with Browserbeat

Requirements

Init Project

To get running with Browserbeat and also install the dependencies, run the following command:

make setup

It will create a clean git history for each major step. Note that you can always rewrite the history if you wish before pushing your changes.

To push Browserbeat in the git repository, run the following commands:

git remote set-url origin https://github.com/MelonSmasher/browserbeat
git push origin master

For further development, check out the beat developer guide.

Build

To build the binary for Browserbeat run the command below. This will generate a binary in the same directory with the name browserbeat.

make

Run

To run Browserbeat with debugging output enabled, run:

./browserbeat -c browserbeat.yml -e -d "*"

Test

To test Browserbeat, run the following command:

make testsuite

alternatively:

make unit-tests
make system-tests
make integration-tests
make coverage-report

The test coverage is reported in the folder ./build/coverage/

Update

Each beat has a template for the mapping in elasticsearch and a documentation for the fields which is automatically generated based on fields.yml by running the following command.

make update

Cleanup

To clean Browserbeat source code, run the following command:

make fmt

To clean up the build directory and generated artifacts, run:

make clean

Clone

To clone Browserbeat from the git repository, run the following commands:

mkdir -p ${GOPATH}/src/github.com/MelonSmasher/browserbeat
git clone https://github.com/MelonSmasher/browserbeat ${GOPATH}/src/github.com/MelonSmasher/browserbeat

For further development, check out the beat developer guide.

Packaging

The beat frameworks provides tools to crosscompile and package your beat for different platforms. This requires docker and vendoring as described above. To build packages of your beat, run the following command:

make release

This will fetch and create all images required for the build process. The whole process to finish can take several minutes.

About

An Elastic beat that sends browser history to an Elastic output.

Topics

macos firefox chrome opera browser history safari chromium vivaldi brave beats elastic browser-history elastic-beats chrome-canary bravebrowser monitor-web-traffic user-browsing k-meleon browserbeat

Resources

Readme

License

View license
Activity

Stars

16 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

4 tags

Packages

 
 
 

Languages