Burp Suite Bambda
Burp Bambda: How to Analyze Requests Like a pro
Let's explore how to use it.
Following are the topics that we will cover:
- 1️⃣ Burp Bambda: Introduction
- 2️⃣ How to Find Bambda in Burp Professional/Community Version
- 3️⃣ How to Modify Request on Fly
- 4️⃣ How do you write your own filter for web security and inspection?
Note: The full video is at the bottom.
Burp Bambda: Introduction
Burp Suite's Bambdas feature is a powerful tool that helps you analyze the behavior of both requests and responses.
In this section, we look at how to use Bambdas effectively to identify and address potentially questionable activity on your web server. With Bambdas, you can quickly diagnose and fix common security issues in your web server environment.
By adhering to the guidance provided here, you will acquire the necessary skills to strengthen the security of your web server effortlessly and efficiently.
How to Find Bambda in Burp Professional/Community Version
- Start Burp Professional/Community Version
- Navigate to Burp Proxy and check HTTP history (see image 2)
Check Bambda mode, shown below.
How to Modify Request on Fly
In the following screenshot, check the code and the boolean matches:
return true;
I expanded the boolean matches section and got the following:
What if you set the return value to false? Check the code below:
return false;
Now let's see what the following means:
This code says: from the requests and responses, show me all requests and all responses. For more information, check my video at the bottom.
Check the screenshot below; it shows all requests and responses.
Note: if you set return false; then it will not show any request or response.
In the screenshot below, we have set the value to true.
Now, for return false;, check the screenshot below (no requests and no responses).
How do you write your own filter for web security and inspection?
Here are some examples; check the code below:
// Skip items that have no response, so response() is never called on a missing response.
return requestResponse.hasResponse() && requestResponse.response().statusCode()==200;
Explanation: From the requests and responses, show me only the responses that have a status code of 200.
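A longer filter in the same style, as an added example that is not from the original post or from PortSwigger: it keeps only in-scope HTML responses with status 200 that are missing at least one security header. The header checklist is an assumption made for illustration; the calls used (hasResponse, isInScope, statusCode, headerValue, hasHeader) are from Burp's Montoya API.

```java
// Added example Bambda for the Proxy > HTTP history filter in Bambda mode.
// Paste this body into the editor; Burp supplies the requestResponse variable.

// Items that have no response yet cannot be inspected, so hide them.
if (!requestResponse.hasResponse()) {
    return false;
}

var request = requestResponse.request();
var response = requestResponse.response();

// Limit the view to the target scope and to responses with status code 200.
if (!request.isInScope() || response.statusCode() != 200) {
    return false;
}

// Browser-enforced headers matter mostly on HTML pages, so skip other content.
// headerValue() returns null when the header is absent.
String contentType = response.headerValue("Content-Type");
if (contentType == null || !contentType.toLowerCase().contains("text/html")) {
    return false;
}

// Assumed checklist for this example; replace it with your own policy.
String[] requiredHeaders = {
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Content-Type-Options"
};

// Show the item as soon as one required header is found to be missing.
for (String header : requiredHeaders) {
    if (!response.hasHeader(header)) {
        return true;
    }
}

// Every header on the checklist is present, so hide the item.
return false;
```

As with return true; and return false; above, the value returned for each history item decides whether that item is shown.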
Video POC:
Burp Suite Bambdas: Analyze Request like a pro
Thanks and Regards
Harshad Shah
Founder & CEO, Hacker Associate