ProfessionalCommunity Edition
Bambdas
-
Last updated: December 3, 2024
-
Read time: 3 Minutes
Bambdas enable you to run Java-based code to customize Burp Suite directly from the UI.
Warning
Bambdas can run arbitrary code. For security reasons, please be cautious when using Bambdas from unverified sources.
Creating Bambdas
You can currently create Bambdas to help filter the following:
- Proxy HTTP history
- Proxy WebSockets history
- Logger view
- Logger capture
- Site map
If you're using Burp Suite Professional, you can also use Bambdas in the following ways:
-
To create custom columns in the following tables:
Proxy HTTP history
Proxy WebSockets history
Logger
- To create HTTP match and replace rules
The Montoya API makes various objects available to help you write your Bambdas.
Related pages
To learn what a Bambda is and see a couple of examples, watch the Burp Suite Shorts | Bambdas video on YouTube.
For feature-specific instructions on how to create Bambdas for filtering tables, see the following pages:
For feature-specific instructions on how to create Bambdas for adding custom columns to tables, see the following pages:
For instructions on how to create Bambdas for HTTP match and replace rules, see Match and replace - Bambda mode.
Warning
Using slow running or resource-intensive Bambdas can slow down Burp. Write your Bambda carefully to minimize performance implications.
Saving Bambdas
You can save Bambdas as a JSON file. This makes it easy for you to migrate your configuration to other projects.
To save a Bambda:
- In a feature that enables Bambdas, go to the Bambda mode tab.
- Click settings .
- Click Save settings.
Your Bambda downloads as a JSON file.
Loading Bambdas
You can load a saved Bambda into other projects.
To load a Bambda:
- In a feature that enables Bambdas, go to the Bambda mode tab.
- Click settings .
- Click Load settings, then select your Bambda JSON file via the system dialogue.
- Click Apply.
Your Bambda is now loaded in Burp.
Note
Bambdas are only compatible with the tool that they were exported from. For example, a Bambda created for filtering the HTTP history cannot be loaded in a different Burp tool.
Troubleshooting Bambdas
There are two types of error you may encounter when working with Bambdas: compilation and runtime.
Compilation errors
Burp highlights compilation errors in real time by underlining them in red in the Bambda mode editor. You must resolve any compilation errors before Burp can apply your Bambda.
To display details of the error, hover over the red underline. If you click Apply while your Bambda contains compilation errors, the error details are shown in the Compilation errors tab.
Runtime errors
Runtime errors can occur after a Bambda has been applied. If Burp detects any runtime errors, a warning appears on the filter bar. Click on the filter bar to view the error details, and make changes to the code.
Submitting Bambdas to the community
When you write a Bambda, you can share it with the community. This collaboration enables the community to access an ever-growing library of Bambdas through our Bambdas repository on GitHub.
Before you submit
Before you contribute your Bambda, please make sure it meets our submission guidelines.
We also recommend that you run the Bambda Checker before submitting. The Bambda Checker is a Java tool that verifies Bambdas and generates README.md files before submission.
Submitting Your Bambda
After you've confirmed your Bambda meets our guidelines, please follow these steps to submit it:
Fork the Bambdas repository on GitHub, then clone this fork to your local machine.
Create a new branch for your changes.
Place a new
.bambda
file in the appropriate directory. The directory structure of the repo is broken down by Bambda type and tool. For example, a custom column Bambda for Logger would be placed in the Custom Columns > Logger directory.Make any necessary changes.
Push the changes to your fork.
Open a pull request. Make sure to include a concise description of your Bambda in the request.
Review and merge
Your submission will be reviewed by both the community and our team. We encourage you to actively and constructively engage with any feedback received during this process.
If your submission includes multiple Bambdas, you may be asked to split it into multiple pull requests. This could happen if some Bambdas require further feedback, while others are ready to merge.