A simple list of custom Bambdas for "custom actions" and proxy history filtering.
- Download the scripts
git clone https://github.com/mathis2001/Burp-Bambda
- Open Burp,
- Go to "Extension",
- Go to "Bambda Library",
- Click on "Import",
- Import the scripts.
Then to use them:
- Go to "Repeater",
- Then go to "Custom Actions",
- Click on "Load" and choose the wanted script.
- Download the scripts,
git clone https://github.com/mathis2001/Burp-Bambda
- Open Burp,
- Go to "Extension",
- Click on "Import",
- Import the scripts.
Then to use them:
- Go to "Proxy",
- Click on the "Filter settings" bar,
- Choose the "Bambda mode",
- Click on "Load" and choose the wanted script,
- Finally, click on "Apply & close".
Allows you to define a list of (bearer) tokens for different roles/users of the application and repeat the original request with each of them. It then returns the status code and the body of each response.
Repeat the original request with different Authorization methods (Basic, Bearer and NTLMSSP) and values to check how they are handled.
Repeat the original request with a list of HTTP methods and return the status code and body of each response.
Repeat the request with HTTP headers often used to spoof the client IP, such as X-Client-IP, X-Forwarded-For, etc., to check for IP restriction bypasses.
Highlight HTTP responses containing potentially dangerous JS functions in the HTTP history.
[ToDo]
Highlight HTTP requests containing parameters that are often vulnerable to SSRF (Yellow), SQLi (Red), XSS (Blue), LFI (Orange), Open Redirect (Green) and RCE (White).
Match any HTTPS URLs in requests and replace them with a Burp Collaborator payload.
Analyze the selected Swagger/OpenAPI specification with AI to give some hints based on the OWASP API Top 10.
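As an illustration of the HTTP history filter described above that highlights responses containing potentially dangerous JS functions, here is an added sketch written for this page (it is not the script shipped in the repository). The sink list, the highlight colour and the note text are assumptions chosen for the example; paste the body into the "Bambda mode" editor of the Proxy filter settings.

```java
// Proxy HTTP history filter Bambda. Burp supplies `requestResponse`
// (a ProxyHttpRequestResponse) and expects a boolean: true keeps the row visible.
// This sketch never hides rows; it only highlights and annotates matches.

// Nothing to inspect until a response has been received.
if (!requestResponse.hasResponse()) {
    return true;
}

var response = requestResponse.response();

// Only look at content a browser may run as script.
String contentType = response.headerValue("Content-Type");
if (contentType == null) {
    return true;
}
String type = contentType.toLowerCase();
if (!type.contains("html") && !type.contains("javascript")) {
    return true;
}

// Constructed sample list of JavaScript sinks worth a manual review
// (assumption: adjust it to the code base under test).
var sinks = java.util.regex.Pattern.compile(
    "\\b(?:eval|setTimeout|setInterval)\\s*\\("
    + "|\\bnew\\s+Function\\s*\\("
    + "|\\bdocument\\.write(?:ln)?\\s*\\("
    + "|\\.(?:innerHTML|outerHTML)\\s*="
    + "|\\.insertAdjacentHTML\\s*\\(");

// Collect up to five distinct hits so the note stays readable.
var matcher = sinks.matcher(response.bodyToString());
var found = new java.util.LinkedHashSet<String>();
while (found.size() < 5 && matcher.find()) {
    found.add(matcher.group().trim());
}

if (!found.isEmpty()) {
    // Colour and note are visible in the HTTP history table.
    requestResponse.annotations().setHighlightColor(HighlightColor.ORANGE);
    requestResponse.annotations().setNotes("JS sinks: " + String.join(", ", found));
}
return true;
```

The match is purely textual, so a highlighted row is a prompt for manual review of how the value reaching the sink is built, not a finding in itself. To show only matching rows instead, return `!found.isEmpty()` on the last line.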


