Skip to content
/ SkittlesBambda Public

Filters and highlights Proxy HTTP history for requests with potentially vulnerable parameters

www.phrack.me/tools/2023/12/04/burp-bambdas.html
22 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

flamebarke/SkittlesBambda

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
README.md
README.md
 
 
SkittlesBambda.bambda
SkittlesBambda.bambda
 
 
bambda.png
bambda.png
 
 

Repository files navigation

SkittlesBambda

If you haven't heard of Bambdas before check out the PortSwigger announcement first.

This Burp Suite Bambda was inspired by the below Bambda I stumbled across on github:

https://github.com/BugBountyzip/Bambdas

and this code posted on X by @irsdl:

https://x.com/irsdl/status/1729261410830725368?s=20

I took a look at both Bambdas, combined some functions, added some extra code and came up with a Bambda that:

  1. Identifies potentially vulnerable parameters
  2. Filters the requests within the http proxy history
  3. Applies a colour highlight for each different vuln class (SSRF, SQLi, XSS, LFI, RCE)
  4. If multiple classes of vulnerability apply the request is highlighted magenta
  5. Adds a note annotation containing the potential vuln class and the matched parameter (concatenates multiple vuln classes if present)

It's super easy to modify this function, just add in new parameters or a whole new custom array if you are looking for something specific.

Bambda

About

Filters and highlights Proxy HTTP history for requests with potentially vulnerable parameters

www.phrack.me/tools/2023/12/04/Burp-Bambdas.html

Resources

Readme
Activity

Stars

22 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages