ProfessionalCommunity Edition
Burp Logger capture filter
-
Last updated: October 29, 2024
-
Read time: 3 Minutes
You can use the capture filter settings to control which types of items are captured in Burp Logger.
You can configure the Logger capture filter in two different ways:
-
Settings mode enables you to configure a capture filter using checkboxes and drop-downs.
-
Bambda mode enables you to write a powerful custom capture filter using Burp's Java-based Bambdas.
Note
Items that are not captured will be discarded from Logger. Burp can't retrieve these items even if the capture filter is removed.
To filter the items that Logger captures, click on the Capture filter bar in the Logger tab. This opens the Logger capture filter window.
Settings mode
On the Settings mode tab, you can apply a capture filter using the following options:
Capture limit
You can specify a limit to the memory used by Logger. Once the limit is reached, Logger discards the oldest entries as new entries are created. The default limit is 50MB (or 100MB, if you give Burp Suite access to at least 1GB of memory).
To change the capture limit, select a preset option from the drop-down, or type a specific value.
Note
Allocating a large amount of memory to Logger can cause performance issues.
We recommend that you only increase the amount of memory when you have a specific issue that requires a large number of entries.
Capture by request type
Choose which request types Logger captures. You can select from:
- Capture only in-scope items. For more information on how to set your scope, see Target scope.
- Discard items without responses.
- Capture only parameterized requests.
Capture by MIME type
Choose which MIME type Logger captures, such as HTML or XML.
Capture by status code
Choose which status codes Logger captures.
Capture by tool
Choose which other Burp tools Logger captures items from. This enables you to discard traffic from a noisy tool, or direct Logger to capture traffic from one tool only. By default, all tools are selected.
Capture by search term
Choose to capture only records that contain a specific search term:
- Regex. Specify whether the search term is a literal string or a regular expression.
- Case sensitive. Specify whether the search term is case-sensitive.
- Negative search. Capture only items that do not match the search term.
Session handling
Choose whether or not to discard session handling requests.
Limit request/response size
Limit the size of requests or responses that Logger captures. The default maximum size for items is 1MB. To change the maximum size of items Logger captures, select a preset option from the drop-down.
Bambda mode
On the Bambda mode tab, you can write Java-based Bambdas to apply custom capture filters to Logger.
Two objects of the Montoya API are available to help you write your Bambdas:
LoggerCaptureHttpRequestResponse
Utilities
To filter which types of items Logger captures:
In Logger, click the Capture filter bar to open the Logger capture filter window.
In the Logger capture filter window, click the Bambda mode tab.
Write your Bambda using Java.
Click Apply.
Burp compiles your Bambda and applies it to any future traffic generated in this project.
Warning
Capture filter Bambdas may slow down Burp's performance as they run against all outgoing HTTP messages. Using slow running or resource-intensive Bambdas can slow down Burp even further. Write your Bambda carefully to minimize performance implications.
Example Bambda
In the example below, we'll create a Bambda that filters Logger to capture only items that meet the following criteria:
The item must not have a MIME type of WOFF or WOFF2.
In this example, our Bambda is:
var mimeType = requestResponse.mimeType();
return mimeType != MimeType.FONT_WOFF && mimeType != MimeType.FONT_WOFF2;
Converting filter settings to Bambdas
If you have already used Settings mode to configure a Logger capture filter, you can convert this to a Bambda.
Note
Converting your filter settings overwrites any existing Bambda applied to your Logger capture.
To convert your capture filter settings to a Bambda:
In the Logger tab, click the Capture filter bar to open the Logger capture filter window.
Make changes to the filter settings (if necessary).
At the bottom of the Logger capture filter window, click Convert to Bambda.
Your filter is now converted into a Bambda, enabling you to customize it further using Java.
Related pages
For more information on how to load Bambdas, save your Bambda, or troubleshoot errors with your Bambda, see our Bambdas documentation.