ProfessionalCommunity Edition

Burp Logger capture filter

• Last updated: March 1, 2024

• Read time: 3 Minutes

You can use the capture filter settings to control which types of items are captured in Burp Logger.

You can configure the Logger capture filter in two different ways:

• Settings mode enables you to configure a capture filter using checkboxes and drop-downs.

• Bambda mode enables you to write a powerful custom capture filter using Burp's Java-based Bambdas.

To filter the items that Logger captures, click on the Capture filter bar in the Logger tab. This opens the Logger capture filter window.

Settings mode

On the Settings mode tab, you can apply a capture filter using the following options:

Capture limit

You can specify a limit to the memory used by Logger. Once the limit is reached, Logger discards the oldest entries as new entries are created. The default limit is 50MB (or 100MB, if you give Burp Suite access to at least 1GB of memory).

To change the capture limit, select a preset option from the drop-down, or type a specific value.

Capture by request type

Choose which request types Logger captures. You can select from:

• Capture only in-scope items. For more information on how to set your scope, see Target scope.
• Discard items without responses.
• Capture only parameterized requests.

Capture by MIME type

Choose which MIME type Logger captures, such as HTML or XML.

Capture by status code

Choose which status codes Logger captures.

Capture by tool

Choose which other Burp tools Logger captures items from. This enables you to discard traffic from a noisy tool, or direct Logger to capture traffic from one tool only. By default, all tools are selected.

Capture by search term

Professional Choose to capture only records that contain a specific search term:

• Regex. Specify whether the search term is a literal string or a regular expression.
• Case sensitive. Specify whether the search term is case-sensitive.
• Negative search. Capture only items that do not match the search term.

Session handling

Choose whether or not to discard session handling requests.

Limit request/response size

Limit the size of requests or responses that Logger captures. The default maximum size for items is 1MB. To change the maximum size of items Logger captures, select a preset option from the drop-down.

Bambda mode

On the Bambda mode tab, you can write Java-based Bambdas to apply custom capture filters to Logger.

Two objects of the Montoya API are available to help you write your Bambdas:

• LoggerCaptureHttpRequestResponse

• Utilities

To filter which types of items Logger captures:

1. In Logger, click the Capture filter bar to open the Logger capture filter window.

2. In the Logger capture filter window, click the Bambda mode tab.

3. Write your Bambda using Java.

4. Click Apply.

Burp compiles your Bambda and applies it to any future traffic generated in this project.

Example Bambda

In the example below, we'll create a Bambda that filters Logger to capture only items that meet the following criteria:

• The item must not have a MIME type of WOFF or WOFF2.

In this example, our Bambda is:

var mimeType = requestResponse.mimeType(); return mimeType != MimeType.FONT_WOFF && mimeType != MimeType.FONT_WOFF2;

Converting filter settings to Bambdas

If you have already used Settings mode to configure a Logger capture filter, you can convert this to a Bambda.

To convert your capture filter settings to a Bambda:

1. In the Logger tab, click the Capture filter bar to open the Logger capture filter window.

2. Make changes to the filter settings (if necessary).

3. At the bottom of the Logger capture filter window, click Convert to Bambda.

Your filter is now converted into a Bambda, enabling you to customize it further using Java.