Professional

Creating HTTP match and replace rules with Bambdas

  • Last updated: February 13, 2025

You can apply Java-based Bambdas to create powerful HTTP match and replace rules. You can do this in two ways: by loading a Bambda from your library, or by creating a custom Bambda.

Keyboard shortcuts

To speed up your workflow when creating or loading Bambdas, you can use the following keyboard shortcuts:

  • Save - Ctrl + S or Cmd + S

  • Save as - Ctrl + Shift + S or Cmd + Shift + S

  • Create new Bambda - Ctrl + N or Cmd + N

  • Load recent Bambda - Ctrl + O or Cmd + O

Loading Bambdas from your library

You can load and apply Bambdas that are stored in your library to add a new rule.

To load a Bambda from your library:

  1. In Proxy > Match and replace, click Add to open the Add match/replace rule window.

  2. In the Add match/replace rule window, click Bambda mode.

  3. Click Load.

  4. Select a recent Bambda from the list.

  5. [Optional] If required, edit the Bambda:

    1. Make your changes.

    2. Test the rule using the built-in test function. For more information, see Testing HTTP match and replace rules.

    3. Save your changes:

      • To overwrite the existing Bambda, click Save > Save.

      • To save a new version, click Save > Save as.

  6. Click OK.

If the Bambda is error-free, it's added to the HTTP match and replace rules table and automatically enabled for the current project.

If errors exist, they appear in the Compilation errors panel. You'll need to fix these before you can add the Bambda to the table. For more information, see Troubleshooting Bambdas.

Creating custom Bambdas

You can write your own Bambdas directly in the Add match/replace rule window.

Note

Before you begin writing, we recommend exploring our Bambdas GitHub repository. There may be an existing Bambda that meets your needs or provides inspiration for creating your own.

You can also explore built-in templates in the Bambda library. For more information, see Creating Bambdas in the Bambda library.

Two objects of the Montoya API are available to help you write your Bambda:

  • ProxyHttpRequestResponse

  • Utilities

The Bambda must return either the HttpRequest or HttpResponse object.

For advanced use cases, you can also access a subset of the Montoya API functionality. This enables you to create more complex Bambdas.

Warning

Use the Montoya API functionality carefully when creating match and replace Bambdas. While we've restricted access to known dangerous functionality, certain methods may still potentially impact Burp's performance or cause memory leaks.

To create a Bambda to add a new rule:

  1. In Proxy > Match and replace, click Add to open the Add match/replace rule window.

  2. In the Add match/replace rule window, click Bambda mode.

  3. Write your Bambda using Java.

  4. Test the rule using the built-in test function. For more information, see Testing HTTP match and replace rules.

  5. [Optional] Click Save > Save. The Bambda is saved to your Bambda library for future use across Burp.

  6. Click Apply & close.

If the Bambda is error-free, it's added to the HTTP match and replace rules table and automatically enabled for the current project.

If errors exist, they appear in the Compilation errors panel. You'll need to fix these before you can add the Bambda to the table. For more information, see Troubleshooting Bambdas.

Warning

Using slow-running or resource-intensive Bambdas can slow down Burp. Write your Bambda carefully to minimize performance impact.

Example Bambdas

In the example below, we'll create a Request Bambda that forces all HTTP requests to https://ginandjuice.shop and adds a User: Admin header.

In this example, our Bambda is:

    return requestResponse.request()
        .withService(HttpService.httpService("https://ginandjuice.shop"))
        .withAddedHeader("User", "Admin")
        .withUpdatedHeader("Host", "ginandjuice.shop");

In the example below, we'll create a Response Bambda that uses the Montoya API functionality to send items to Organizer with the note "Cached response" when they meet the following criteria:

  • The response has an X-Cache header with a value of Hit.

In this example, our Bambda is:

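    // headerValue() returns null when the header is absent, so check before calling contains().
    String cacheHeader = requestResponse.response().headerValue("X-Cache");

    if (cacheHeader != null && cacheHeader.contains("Hit")) {
        api().organizer().sendToOrganizer(
            HttpRequestResponse.httpRequestResponse(
                requestResponse.request(),
                requestResponse.response(),
                Annotations.annotations("Cached response")));
    }

    return requestResponse.response();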
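The following Request Bambda is an added example, not part of the original page or the Bambdas repository. It shows the guard-first pattern that the performance warning above calls for, and it returns an HttpRequest on every path. The header name X-Pentest-Id and its value are hypothetical placeholders.

```java
// Added example: tag in-scope requests so test traffic can be
// attributed in the target's server logs.
HttpRequest request = requestResponse.request();

// Cheapest check first: return out-of-scope requests unchanged so the
// rule does no further work on unrelated traffic.
if (!request.isInScope()) {
    return request;
}

// Hypothetical header name and constructed value (assumptions).
// Agree both with the system owner before testing.
String headerName = "X-Pentest-Id";
String headerValue = "engagement-0000";

// Keep the rule idempotent: overwrite a header that is already present
// instead of adding a duplicate.
if (request.hasHeader(headerName)) {
    return request.withUpdatedHeader(headerName, headerValue);
}

return request.withAddedHeader(headerName, headerValue);
```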

Related pages

  • To get feedback, showcase your work, and connect with other Bambda developers, share your Bambda on our PortSwigger Discord #bambdas channel.
  • To share your Bambdas with the community, add them to our ever-growing Bambdas GitHub repository. For more information, see Submitting Bambdas to our GitHub repository.
