Burp finds the bugs, Bambda makes them history.

Bambda Marketplace

The Bambda Marketplace is a hub for Burp Suite Bambdas, created by users to expand the scope of Burp Suite's abilities.

Name Rating Popularity Last updated
MultipleHtmlTags
15 Dec 2023 Script to Filter Out Email Addresses in Responses and Highlight Them if Found. Created by @albinowax
SuspiciousJSFunctions
11 Dec 2023 Detect and Highlight Suspicious JavaScript Functions. Created by @Tur24Tur
HighlightTrackerServices
20 Dec 2023 Burp Suite Bambda for identifying tracking services. Filters Burp Suite history to detect and analyze tracking services from web requests. Created by @Tur24Tur
AnnotateSoapRequests
15 Dec 2023 This script populates elements of the SOAP request in the "Notes" column of Burp's Proxy History. You can expand upon the capture groups by editing the RegEx pattern. Created by @NickCoblentz
EmailHighlighter
11 Dec 2023 Script to Filter Out Email Addresses in Responses and Highlight Them if Found. Created by @Tur24Tur
DeprecatedHTTPMethods
09 Dec 2023 Filters and highlights requests using less common or deprecated HTTP methods like TRACE or CONNECT. Created by @Tur24Tur
DeveloperNotes
11 Dec 2023 This script identifies and highlights HTTP responses containing developer notes in HTML and JavaScript files. It highlights HTML responses in green and JavaScript responses in yellow. Created by @Tur24Tur
UnencryptedHTTP
11 Dec 2023 Bambda script to highlight unencrypted HTTP traffic. Filters Proxy HTTP history for unencrypted (non-HTTPS) requests. Created by @Tur24Tur
NotesKeywordHighlighter
11 Dec 2023 This Bambda filters Proxy HTTP history for entries with notes containing a specified keyword. It checks for a specific keyword within the notes and highlights the matching entries. Users can easily modify the 'keyword' variable to suit their specific search criteria. Created by @Tur24Tur
VulnerableParameters
02 Dec 2023 Filters Proxy HTTP history for requests with vulnerable parameters based on the OWASP Top 25. Created by @Tur24Tur
HighlightAnnotateOWASP
09 Dec 2023 Filters Proxy HTTP history for requests with vulnerable parameters based on the OWASP Top 25, using the parameter arrays written by Tur24Tur / BugBountyzip. Implements colour highlighting for each class of vulnerability, along with automatic note annotations detailing the parameter to test and the class of vulnerability. Created by @Shain L.
FilterOnCookieValue
02 Dec 2023 Filters Proxy HTTP history for requests with a specific Cookie value. Created by LostCoder
Filters for specific highlight colors
02 Dec 2023 Filters requests/responses for specific highlight colors. Created by @Ncoblentz
Filter out OPTIONS requests
02 Dec 2023 Filter out OPTIONS requests. Created by Trikster
JSONresponsesWith
15 Dec 2023 Finds JSON responses with the wrong Content-Type: the content is probably JSON, but the Content-Type is not application/json. Created by @albinowax
IncorrectContentLength
15 Dec 2023 Finds responses whose body length does not match their stated Content-Length header. Created by @albinowax
Host name In Response
20 Dec 2023 Finds responses which contain the hostname. Useful to identify possible attack surface for host header injection and web cache poisoning attacks. Created by @emanuelduss
LargeRedirectResponses
15 Dec 2023 Flags redirect responses with a body over 1000 bytes. Can indicate sites that forgot to terminate script execution when the user fails authentication, typically leading to information disclosure. Created by @albinowax
MalformedHttpHeader
13 Dec 2023 Finds malformed HTTP headers containing spaces within their names. Created by @albinowax
GraphQlEndpoints
13 Dec 2023 Finds GraphQL endpoints with a 'query' parameter containing a newline. Created by @garethheyes
JSONPForCSPBypass
13 Dec 2023 Finds scripts on the site that you can control because the CSP allows "same site" script resources. Created by @garethheyes