ProfessionalCommunity Edition

Filtering the HTTP history with Bambdas

• Last updated: March 1, 2024

• Read time: 2 Minutes

You can write Java-based Bambdas to create custom filters for your HTTP history.

Two objects of the Montoya API are available to help you write your Bambdas:

• ProxyHttpRequestResponse

• Utilities

To create a Bambda to filter your HTTP history:

1. In the Proxy > HTTP history tab, click the filter bar to open the HTTP history filter window.

   The filter bar only appears when there is one or more messages in your HTTP history.

2. In the HTTP history filter window, click the Bambda mode tab.

3. Write your Bambda using Java.

4. Click Apply.

Burp compiles your Bambda and applies it to every item already logged in your HTTP history, and to any future HTTP traffic generated in this project.

Example Bambda

In the example below, we'll create a Bambda that filters the HTTP history to show only items that meet the following criteria:

• The request must have a response.

• The response must have a 3XX status code.

• The response must have a cookie set with the name session.

In this example, our Bambda is:

if (!requestResponse.hasResponse()) { return false; } var response = requestResponse.response(); return response.isStatusCodeClass(StatusCodeClass.CLASS_3XX_REDIRECTION) && response.hasCookie("session");

Converting HTTP history filter settings to Bambdas

If you have already used Settings mode to configure an HTTP history filter, you can convert these settings to a Bambda.

To convert your filter settings to a Bambda:

1. In the Proxy > HTTP history tab, click the filter bar to open the HTTP history filter window.

2. Make changes to the filter settings (if necessary).

3. At the bottom of the HTTP history filter window, click Convert to Bambda.

Your filter is now converted into a Bambda, enabling you to customize it further using Java.