PROFESSIONALCOMMUNITY

Filtering the HTTP history with Bambdas

  • Last updated: October 20, 2023

  • Read time: 2 Minutes

You can use Burp's Java-based Bambdas to write custom filters for your Proxy HTTP history.

Two interfaces of the Montoya API are available to help you write your Bambdas:

  • ProxyHttpRequestResponse
  • Utilities

Creating Bambdas

To create a Bambda:

  1. In the Proxy > HTTP history tab, click the filter bar to open the Configure filter window.

    The filter bar only appears when there is one or more messages in your HTTP history.

  2. In the Configure filter window, click the Bambda mode tab.
  3. Write your Bambda using Java. Burp's Bambda editor has a built-in autocomplete function that helps you to write and edit your Bambdas quickly and easily.
  4. Click Apply.

Burp compiles your Bambda and applies it to every item already logged in your HTTP history, and to any future traffic generated during your session.

Example Bambda

In the example below, we'll create a Bambda that filters the HTTP history to show only requests that meet the following criteria:

  • The request must have a response.
  • The response must have a 3XX status code.
  • The response must have a cookie set with the name session.

In this example, our Bambda is:

if (!requestResponse.hasResponse()) { return false; } var response = requestResponse.response(); return response.isStatusCodeClass(StatusCodeClass.CLASS_3XX_REDIRECTION) && response.hasCookie("session");

Converting settings to Bambdas

If you have already used the Filter settings menu to configure your filter, you can convert these settings to a Bambda.

Note

Converting your filter settings overwrites any Bambda already in your project.

To convert your filter settings to Bambdas:

  1. In the Proxy > HTTP history tab, click the filter bar to open the Configure filter window.
  2. Make changes to the filter settings (if necessary).
  3. At the bottom of the Configure filter window, click Convert to Bambda.

Saving Bambdas

You can save your Bambda as a JSON file. This makes it easy for you to migrate your filter configuration to other projects.

To save a Bambda:

  1. In the Bambda mode tab of the Configure filter window, click Settings .
  2. Click Save settings.

Your Bambda is now downloaded as a JSON file.

Loading Bambdas

You can load a saved Bambda into other projects.

To load a Bambda:

  1. In the Bambda mode tab of the Configure filter window, click Settings .
  2. Click Load settings, then select your Bambda JSON file via the system dialogue.
  3. Click Apply.

Troubleshooting

There are two types of error you may encounter when working with Bambdas: compilation and runtime.

Compilation errors

Burp highlights compilation errors in real time by underlining them in red in the Bambda mode editor. You must resolve any compilation errors before Burp can apply your Bambda.

Specific details of the error and its location are displayed when you hover over the red underline - and in the Compilation errors tab, which is displayed if you click Apply while your Bambda contains compilation errors.

Runtime errors

Runtime errors can occur after the Bambda has been applied. If Burp detects any runtime errors, a banner appears above the filter bar on the Proxy > HTTP history. Click Edit Bambda to view the error details, and make changes to the code.

Was this article helpful?