Burp Bambda
Burp Bambda: Analyze Request Like a Pro

Burp Bambda: How to Analyze Requests Like a Pro

Let's explore how to use it.

The following are the topics that we will cover:

  • 1. Burp Bambda: Introduction
  • 2. How to Find Bambda in Burp Professional/Community Version
  • 3. How to Modify Request on Fly
  • 4. How do you write your own filter for web security and inspection?


Note: The full video is at the bottom.

Burp Bambda: Introduction

Burp Suite's Bambdas feature is an incredibly powerful tool that offers invaluable assistance in analyzing the behavior of both requests and responses.

In this section, we will look at how to use Bambdas effectively to identify and address potentially questionable activity on your web server. With Bambdas, you can quickly diagnose and fix common security issues that arise in your web server environment.

By adhering to the guidance provided here, you will acquire the necessary skills to strengthen the security of your web server effortlessly and efficiently.


How to Find Bambda in Burp Professional/Community Version


  • Start Burp Professional/Community Version [ Image 1 ]
  • Navigate to Burp Proxy and check HTTP history [ Check Image 2 ]

Image1:
Image2: Navigate to


Check Bambda mode below.


Bambda Mode


How to Modify Request on Fly


In the following screenshot, check the code and the boolean matches:
return true;        


I expanded the boolean matches section and got the following:


What if you set the return value to false? Check the code below:

return false;        
Now let's see what the following means:

This code says: from the requests and responses, show me all requests and all responses. For more information, check my video at the bottom.


Check the screenshot below; it shows all requests and responses.


Note: if you set return false; then it will not show any requests or responses.
In the screenshot below, we have set the value to true.



Now for return false, check the screenshot below [ No Requests & No Responses ]:
return false;


How do you write your own filter for web security and inspection?

Here is an example; check the code below:

return requestResponse.response().statusCode()==200;

Explanation: From the requests and responses, show me only the responses that have a status code of 200.
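
As an added example (not from the original article or its video), the filter below extends the status-code check into a slightly larger HTTP history Bambda: it skips items that have no response, keeps only 200 responses, and of those shows HTML pages that lack a Content-Security-Policy or X-Content-Type-Options header. The choice of headers and the text/html check are assumptions made for illustration; requestResponse is the variable Burp passes to the filter.

```java
// Added example: body of an HTTP history filter Bambda.
// Burp provides `requestResponse` for each history item and expects a boolean.

// Items without a response cannot be checked for a status code.
if (!requestResponse.hasResponse()) {
    return false;
}

var response = requestResponse.response();

// Same condition as the article's filter: only 200 responses.
if (response.statusCode() != 200) {
    return false;
}

// Only look at HTML pages (assumption: the server sets Content-Type).
String contentType = response.headerValue("Content-Type");
if (contentType == null || !contentType.toLowerCase().contains("text/html")) {
    return false;
}

// Header names chosen for illustration; adjust to your own hardening baseline.
boolean missingCsp = !response.hasHeader("Content-Security-Policy");
boolean missingNosniff = !response.hasHeader("X-Content-Type-Options");

// Show the item if either hardening header is absent.
return missingCsp || missingNosniff;
```

Paste the body into the Bambda editor of the HTTP history filter; the history then lists only the pages that still need the headers added on the server side.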




Video POC:

Burp Suite Bambdas: Analyze Request like a pro



Thanks and Regards

Harshad Shah

Founder & CEO, Hacker Associate

ali mahdi

IT at Ultima Scurity & Technology

1 year

thank you
