Burp Suite Bambda

Harshad Shah
Offensive Black Hat Hacking & Security
Dec 18, 2023


Burp Bambda: How to Analyze Requests Like a pro

Let’s explore how to use it.


Following are the topics that we will cover:

  • 1️⃣ Burp Bambda: Introduction
  • 2️⃣ How to Find Bambda in Burp Professional/Community Version
  • 3️⃣ How to Modify Requests on the Fly
  • 4️⃣ How do you write your own filter for web security and inspection?

| Note: The full video is at the bottom.

Burp Bambda: Introduction

Burp Suite’s Bambdas are small Java snippets that run inside Burp, and they are an incredibly powerful tool that offers invaluable assistance in analyzing the behavior of both requests and responses.

In this section, we will delve into the effective use of Bambdas to identify and address potentially questionable activity on your web server. By leveraging the capabilities of Bambdas, you will be able to swiftly diagnose and rectify common security issues that may arise within your web server environment.

By adhering to the guidance provided here, you will acquire the necessary skills to strengthen the security of your web server effortlessly and efficiently.

How to Find Bambda in Burp Professional/Community Version

  • Start Burp Professional/Community Version
  • Navigate to Burp Proxy and check the HTTP history [see Image 2]
Image1: Start Burp Professional/Community Version
Image2: Navigate to Burp Proxy & Check HTTP History

Check Bambda mode, shown below:

Bambda Mode

How to Modify Requests on the Fly

In the following screenshot, check the code and the "boolean matches" section:

return true;

I expanded the "boolean matches" section and got the following:

What if you set the return value to false? Check the code below:

return false;

Now let’s see what the following means:

This code says: from the requests and responses, show me every request and every response. For more information, check my video at the bottom.

The screenshot below shows all requests and responses.

Note: if you set return false; then it will not show any requests or responses.

In the screenshot below, we have set the value to true.

return true;

Now, for return false, check the screenshot below [no requests and no responses]:

return false;

How do you write your own filter for web security and inspection?

Here are some examples; check the code below:

return requestResponse.response().statusCode()==200;

Explanation: from the request and response pairs, show only those whose response has a status code of 200.
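A fuller filter in the same style, added here as an illustration and not taken from the original post: it first checks hasResponse(), so history entries that have not received a response are skipped instead of being inspected, then keeps in-scope HTML pages with status 200 that lack common security headers. The list of headers is an assumption made for this example.

```java
// Added example for the Proxy > HTTP history filter in Bambda mode.
// Burp supplies the requestResponse variable; the body must return a boolean.

// Entries still waiting for a response have nothing to inspect.
if (!requestResponse.hasResponse()) {
    return false;
}

var request = requestResponse.finalRequest();
var response = requestResponse.response();

// Keep the review focused on the target defined in Burp's scope settings.
if (!request.isInScope()) {
    return false;
}

// Same condition as the one-line status filter: successful responses only.
if (response.statusCode() != 200) {
    return false;
}

// Only HTML pages; the headers below matter most for rendered documents.
if (!response.hasHeader("Content-Type")
        || !response.headerValue("Content-Type").toLowerCase().contains("text/html")) {
    return false;
}

// Assumed audit list: headers this example expects on every HTML page.
boolean missingCsp = !response.hasHeader("Content-Security-Policy");
boolean missingNosniff = !response.hasHeader("X-Content-Type-Options");
// HSTS only has meaning on HTTPS responses.
boolean missingHsts = request.httpService().secure()
        && !response.hasHeader("Strict-Transport-Security");

// Show the item when at least one header is absent.
return missingCsp || missingNosniff || missingHsts;
```

Paste the body into the Bambda editor as it stands; Burp wraps it in the matches method, so no class or method declaration is needed.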


Video POC:

Burp Suite Bambdas: Analyze Request like a pro

Thanks and Regards

Harshad Shah

Founder & CEO, Hacker Associate
