ProfessionalCommunity Edition

Bambdas

  • Last updated: December 3, 2024

  • Read time: 3 Minutes

Bambdas enable you to run Java-based code to customize Burp Suite directly from the UI.

Warning

Bambdas can run arbitrary code. For security reasons, please be cautious when using Bambdas from unverified sources.

Creating Bambdas

You can currently create Bambdas to help filter the following:

  • Proxy HTTP history
  • Proxy WebSockets history
  • Logger view
  • Logger capture
  • Site map

If you're using Burp Suite Professional, you can also use Bambdas in the following ways:

  • To create custom columns in the following tables:

    • Proxy HTTP history

    • Proxy WebSockets history

    • Logger

  • To create HTTP match and replace rules

The Montoya API makes various objects available to help you write your Bambdas.

Related pages

To learn what a Bambda is and see a couple of examples, watch the Burp Suite Shorts | Bambdas video on YouTube.

For feature-specific instructions on how to create Bambdas for filtering tables, see the following pages:

For feature-specific instructions on how to create Bambdas for adding custom columns to tables, see the following pages:

For instructions on how to create Bambdas for HTTP match and replace rules, see Match and replace - Bambda mode.

Warning

Using slow running or resource-intensive Bambdas can slow down Burp. Write your Bambda carefully to minimize performance implications.

Saving Bambdas

You can save Bambdas as a JSON file. This makes it easy for you to migrate your configuration to other projects.

To save a Bambda:

  1. In a feature that enables Bambdas, go to the Bambda mode tab.
  2. Click settings .
  3. Click Save settings.

Your Bambda downloads as a JSON file.

Loading Bambdas

You can load a saved Bambda into other projects.

To load a Bambda:

  1. In a feature that enables Bambdas, go to the Bambda mode tab.
  2. Click settings .
  3. Click Load settings, then select your Bambda JSON file via the system dialogue.
  4. Click Apply.

Your Bambda is now loaded in Burp.

Note

Bambdas are only compatible with the tool that they were exported from. For example, a Bambda created for filtering the HTTP history cannot be loaded in a different Burp tool.

Troubleshooting Bambdas

There are two types of error you may encounter when working with Bambdas: compilation and runtime.

Compilation errors

Burp highlights compilation errors in real time by underlining them in red in the Bambda mode editor. You must resolve any compilation errors before Burp can apply your Bambda.

To display details of the error, hover over the red underline. If you click Apply while your Bambda contains compilation errors, the error details are shown in the Compilation errors tab.

Runtime errors

Runtime errors can occur after a Bambda has been applied. If Burp detects any runtime errors, a warning appears on the filter bar. Click on the filter bar to view the error details, and make changes to the code.

Submitting Bambdas to the community

When you write a Bambda, you can share it with the community. This collaboration enables the community to access an ever-growing library of Bambdas through our Bambdas repository on GitHub.

Before you submit

Before you contribute your Bambda, please make sure it meets our submission guidelines.

We also recommend that you run the Bambda Checker before submitting. The Bambda Checker is a Java tool that verifies Bambdas and generates README.md files before submission.

Submitting Your Bambda

After you've confirmed your Bambda meets our guidelines, please follow these steps to submit it:

  • Fork the Bambdas repository on GitHub, then clone this fork to your local machine.

  • Create a new branch for your changes.

  • Place a new .bambda file in the appropriate directory. The directory structure of the repo is broken down by Bambda type and tool. For example, a custom column Bambda for Logger would be placed in the Custom Columns > Logger directory.

  • Make any necessary changes.

  • Push the changes to your fork.

  • Open a pull request. Make sure to include a concise description of your Bambda in the request.

Review and merge

Your submission will be reviewed by both the community and our team. We encourage you to actively and constructively engage with any feedback received during this process.

If your submission includes multiple Bambdas, you may be asked to split it into multiple pull requests. This could happen if some Bambdas require further feedback, while others are ready to merge.

Was this article helpful?