diff --git a/.github/workflows/bambda-checker-manual.yml b/.github/workflows/bambda-checker-manual.yml index c2cece9..7305dbe 100644 --- a/.github/workflows/bambda-checker-manual.yml +++ b/.github/workflows/bambda-checker-manual.yml @@ -17,8 +17,8 @@ jobs: - name: Validate Bambdas & update READMEs run: | - [ $(sha256sum BambdaChecker-1.2.jar | awk '{ print $1 }') = '30959be3dce023d3b53c4e2507b9db7fed8bfe41501b14bb8c0d4d3a0a50fd71' ] - java -jar BambdaChecker-1.2.jar + [ $(sha256sum BambdaChecker-1.3.jar | awk '{ print $1 }') = '4df32c3375dad2563080fdfb19a85970332ee8c0f635f946e7e5b4994f6442e4' ] + java -jar BambdaChecker-1.3.jar git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" git add . diff --git a/.github/workflows/bambda-checker-merge.yml b/.github/workflows/bambda-checker-merge.yml index ea1c4bc..b4f4c0b 100644 --- a/.github/workflows/bambda-checker-merge.yml +++ b/.github/workflows/bambda-checker-merge.yml @@ -23,8 +23,8 @@ jobs: - name: Validate Bambdas & update READMEs run: | - [ $(sha256sum BambdaChecker-1.2.jar | awk '{ print $1 }') = '30959be3dce023d3b53c4e2507b9db7fed8bfe41501b14bb8c0d4d3a0a50fd71' ] - java -jar BambdaChecker-1.2.jar + [ $(sha256sum BambdaChecker-1.3.jar | awk '{ print $1 }') = '4df32c3375dad2563080fdfb19a85970332ee8c0f635f946e7e5b4994f6442e4' ] + java -jar BambdaChecker-1.3.jar git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" git add . diff --git a/.github/workflows/bambda-checker-pull-request.yml b/.github/workflows/bambda-checker-pull-request.yml index 7d0db16..8be7c31 100644 --- a/.github/workflows/bambda-checker-pull-request.yml +++ b/.github/workflows/bambda-checker-pull-request.yml @@ -19,5 +19,5 @@ jobs: - name: Validate Bambdas run: | - [ $(sha256sum BambdaChecker-1.2.jar | awk '{ print $1 }') = '30959be3dce023d3b53c4e2507b9db7fed8bfe41501b14bb8c0d4d3a0a50fd71' ] - java -jar BambdaChecker-1.2.jar validateonly + [ $(sha256sum BambdaChecker-1.3.jar | awk '{ print $1 }') = '4df32c3375dad2563080fdfb19a85970332ee8c0f635f946e7e5b4994f6442e4' ] + java -jar BambdaChecker-1.3.jar validateonly diff --git a/BambdaChecker-1.2.jar b/BambdaChecker-1.2.jar deleted file mode 100755 index 5878317..0000000 Binary files a/BambdaChecker-1.2.jar and /dev/null differ diff --git a/BambdaChecker-1.3.jar b/BambdaChecker-1.3.jar new file mode 100755 index 0000000..bb32e2a Binary files /dev/null and b/BambdaChecker-1.3.jar differ diff --git a/CustomColumn/Logger/README.md b/CustomColumn/Logger/README.md new file mode 100644 index 0000000..e69de29 diff --git a/CustomColumn/Proxy/HTTP/README.md b/CustomColumn/Proxy/HTTP/README.md new file mode 100644 index 0000000..e69de29 diff --git a/CustomColumn/Proxy/WS/README.md b/CustomColumn/Proxy/WS/README.md new file mode 100644 index 0000000..e69de29 diff --git a/Logger/View/HighlightToolType.bambda b/Filter/Logger/View/HighlightToolType.bambda similarity index 100% rename from Logger/View/HighlightToolType.bambda rename to Filter/Logger/View/HighlightToolType.bambda diff --git a/Logger/View/README.md b/Filter/Logger/View/README.md similarity index 92% rename from Logger/View/README.md rename to Filter/Logger/View/README.md index e8674df..b057219 100644 --- a/Logger/View/README.md +++ b/Filter/Logger/View/README.md @@ -5,7 +5,7 @@ Please do not manually edit this file, or include any changes to this file in pu --> # Logger View Filter Documentation: [Burp Logger view filter](https://portswigger.net/burp/documentation/desktop/tools/logger/filter-view#bambda-mode) -## [HighlightToolType.bambda](https://github.com/PortSwigger/bambdas/blob/main/Logger/View/HighlightToolType.bambda) +## [HighlightToolType.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Logger/View/HighlightToolType.bambda) ### Highlights messages according to their tool type. #### Author: ps-porpoise ```java @@ -26,7 +26,7 @@ requestResponse.annotations().setHighlightColor( return true; ``` -## [SlowResponses.bambda](https://github.com/PortSwigger/bambdas/blob/main/Logger/View/SlowResponses.bambda) +## [SlowResponses.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Logger/View/SlowResponses.bambda) ### Finds slow responses. #### Author: ps-porpoise ```java diff --git a/Logger/View/SlowResponses.bambda b/Filter/Logger/View/SlowResponses.bambda similarity index 100% rename from Logger/View/SlowResponses.bambda rename to Filter/Logger/View/SlowResponses.bambda diff --git a/Proxy/HTTP/AnnotateSoapRequests.bambda b/Filter/Proxy/HTTP/AnnotateSoapRequests.bambda similarity index 100% rename from Proxy/HTTP/AnnotateSoapRequests.bambda rename to Filter/Proxy/HTTP/AnnotateSoapRequests.bambda diff --git a/Proxy/HTTP/DetectSuspiciousJSFunctions.bambda b/Filter/Proxy/HTTP/DetectSuspiciousJSFunctions.bambda similarity index 100% rename from Proxy/HTTP/DetectSuspiciousJSFunctions.bambda rename to Filter/Proxy/HTTP/DetectSuspiciousJSFunctions.bambda diff --git a/Proxy/HTTP/EmailHighlighter.bambda b/Filter/Proxy/HTTP/EmailHighlighter.bambda similarity index 100% rename from Proxy/HTTP/EmailHighlighter.bambda rename to Filter/Proxy/HTTP/EmailHighlighter.bambda diff --git a/Proxy/HTTP/FilterAuthenticated.bambda b/Filter/Proxy/HTTP/FilterAuthenticated.bambda similarity index 100% rename from Proxy/HTTP/FilterAuthenticated.bambda rename to Filter/Proxy/HTTP/FilterAuthenticated.bambda diff --git a/Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda b/Filter/Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda similarity index 100% rename from Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda rename to Filter/Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda diff --git a/Proxy/HTTP/FilterHighlightAnnotateOWASP.bambda b/Filter/Proxy/HTTP/FilterHighlightAnnotateOWASP.bambda similarity index 100% rename from Proxy/HTTP/FilterHighlightAnnotateOWASP.bambda rename to Filter/Proxy/HTTP/FilterHighlightAnnotateOWASP.bambda diff --git a/Proxy/HTTP/FilterOnCookieValue.bambda b/Filter/Proxy/HTTP/FilterOnCookieValue.bambda similarity index 100% rename from Proxy/HTTP/FilterOnCookieValue.bambda rename to Filter/Proxy/HTTP/FilterOnCookieValue.bambda diff --git a/Proxy/HTTP/FilterOnSpecificHighlightColor.bambda b/Filter/Proxy/HTTP/FilterOnSpecificHighlightColor.bambda similarity index 100% rename from Proxy/HTTP/FilterOnSpecificHighlightColor.bambda rename to Filter/Proxy/HTTP/FilterOnSpecificHighlightColor.bambda diff --git a/Proxy/HTTP/FilterOutOptionsRequests.bambda b/Filter/Proxy/HTTP/FilterOutOptionsRequests.bambda similarity index 100% rename from Proxy/HTTP/FilterOutOptionsRequests.bambda rename to Filter/Proxy/HTTP/FilterOutOptionsRequests.bambda diff --git a/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda b/Filter/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda similarity index 100% rename from Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda rename to Filter/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda diff --git a/Proxy/HTTP/GraphQlEndpoints.bambda b/Filter/Proxy/HTTP/GraphQlEndpoints.bambda similarity index 100% rename from Proxy/HTTP/GraphQlEndpoints.bambda rename to Filter/Proxy/HTTP/GraphQlEndpoints.bambda diff --git a/Proxy/HTTP/HighlightDeprecatedHTTPMethods.bambda b/Filter/Proxy/HTTP/HighlightDeprecatedHTTPMethods.bambda similarity index 100% rename from Proxy/HTTP/HighlightDeprecatedHTTPMethods.bambda rename to Filter/Proxy/HTTP/HighlightDeprecatedHTTPMethods.bambda diff --git a/Proxy/HTTP/HighlightListenerPort.bambda b/Filter/Proxy/HTTP/HighlightListenerPort.bambda similarity index 100% rename from Proxy/HTTP/HighlightListenerPort.bambda rename to Filter/Proxy/HTTP/HighlightListenerPort.bambda diff --git a/Proxy/HTTP/HighlightResponsesWithDeveloperNotes.bambda b/Filter/Proxy/HTTP/HighlightResponsesWithDeveloperNotes.bambda similarity index 100% rename from Proxy/HTTP/HighlightResponsesWithDeveloperNotes.bambda rename to Filter/Proxy/HTTP/HighlightResponsesWithDeveloperNotes.bambda diff --git a/Proxy/HTTP/HighlightTrackerServices.bambda b/Filter/Proxy/HTTP/HighlightTrackerServices.bambda similarity index 100% rename from Proxy/HTTP/HighlightTrackerServices.bambda rename to Filter/Proxy/HTTP/HighlightTrackerServices.bambda diff --git a/Proxy/HTTP/HighlightUnencryptedHTTP.bambda b/Filter/Proxy/HTTP/HighlightUnencryptedHTTP.bambda similarity index 100% rename from Proxy/HTTP/HighlightUnencryptedHTTP.bambda rename to Filter/Proxy/HTTP/HighlightUnencryptedHTTP.bambda diff --git a/Proxy/HTTP/HostnameInResponse.bambda b/Filter/Proxy/HTTP/HostnameInResponse.bambda similarity index 100% rename from Proxy/HTTP/HostnameInResponse.bambda rename to Filter/Proxy/HTTP/HostnameInResponse.bambda diff --git a/Proxy/HTTP/IncorrectContentLength.bambda b/Filter/Proxy/HTTP/IncorrectContentLength.bambda similarity index 100% rename from Proxy/HTTP/IncorrectContentLength.bambda rename to Filter/Proxy/HTTP/IncorrectContentLength.bambda diff --git a/Proxy/HTTP/JSONPForCSPBypass.bambda b/Filter/Proxy/HTTP/JSONPForCSPBypass.bambda similarity index 100% rename from Proxy/HTTP/JSONPForCSPBypass.bambda rename to Filter/Proxy/HTTP/JSONPForCSPBypass.bambda diff --git a/Proxy/HTTP/LargeRedirectResponses.bambda b/Filter/Proxy/HTTP/LargeRedirectResponses.bambda similarity index 100% rename from Proxy/HTTP/LargeRedirectResponses.bambda rename to Filter/Proxy/HTTP/LargeRedirectResponses.bambda diff --git a/Proxy/HTTP/MalformedHttpHeader.bambda b/Filter/Proxy/HTTP/MalformedHttpHeader.bambda similarity index 100% rename from Proxy/HTTP/MalformedHttpHeader.bambda rename to Filter/Proxy/HTTP/MalformedHttpHeader.bambda diff --git a/Proxy/HTTP/MultipleHtmlTags.bambda b/Filter/Proxy/HTTP/MultipleHtmlTags.bambda similarity index 100% rename from Proxy/HTTP/MultipleHtmlTags.bambda rename to Filter/Proxy/HTTP/MultipleHtmlTags.bambda diff --git a/Proxy/HTTP/NotesKeywordHighlighter.bambda b/Filter/Proxy/HTTP/NotesKeywordHighlighter.bambda similarity index 100% rename from Proxy/HTTP/NotesKeywordHighlighter.bambda rename to Filter/Proxy/HTTP/NotesKeywordHighlighter.bambda diff --git a/Proxy/HTTP/OWASPTop25VulnerableParameters.bambda b/Filter/Proxy/HTTP/OWASPTop25VulnerableParameters.bambda similarity index 100% rename from Proxy/HTTP/OWASPTop25VulnerableParameters.bambda rename to Filter/Proxy/HTTP/OWASPTop25VulnerableParameters.bambda diff --git a/Proxy/HTTP/README.md b/Filter/Proxy/HTTP/README.md similarity index 94% rename from Proxy/HTTP/README.md rename to Filter/Proxy/HTTP/README.md index e675673..aec42b2 100644 --- a/Proxy/HTTP/README.md +++ b/Filter/Proxy/HTTP/README.md @@ -3,9 +3,9 @@ This file is auto-generated by BambdaChecker. Please do not manually edit this file, or include any changes to this file in pull requests. --> -# Proxy HTTP +# Proxy HTTP Filter Documentation: [Filtering the HTTP history with Bambdas](https://portswigger.net/burp/documentation/desktop/tools/proxy/http-history/bambdas) -## [AnnotateSoapRequests.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/AnnotateSoapRequests.bambda) +## [AnnotateSoapRequests.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/AnnotateSoapRequests.bambda) ### This script populates elements of the SOAP request in the "Notes" column of Burp's Proxy History. You can expand upon the capture groups by editing the RegEx pattern. #### Author: Nick Coblentz (https://github.com/ncoblentz) ```java @@ -35,7 +35,7 @@ if(requestResponse.request().isInScope() return true; ``` -## [DetectSuspiciousJSFunctions.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/DetectSuspiciousJSFunctions.bambda) +## [DetectSuspiciousJSFunctions.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/DetectSuspiciousJSFunctions.bambda) ### Bambda Script to Detect and Highlight Suspicious JavaScript Functions #### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) ```java @@ -103,7 +103,7 @@ if (foundSuspiciousFunction && enableManualAnnotations) { return foundSuspiciousFunction; ``` -## [EmailHighlighter.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/EmailHighlighter.bambda) +## [EmailHighlighter.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/EmailHighlighter.bambda) ### Script to Filter Out Email Addresses in Responses and Highlight Them if Found #### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) ```java @@ -150,7 +150,7 @@ if (emailMatcher.find()) { return false; ``` -## [FilterAuthenticated.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/FilterAuthenticated.bambda) +## [FilterAuthenticated.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/FilterAuthenticated.bambda) ### Filters authenticated 200 OK requests in Proxy HTTP history. See four config values below. #### Author: joe-ds (https://github.com/joe-ds) ```java @@ -201,7 +201,7 @@ var filterDenyList = mimeType != MimeType.CSS return (authHeader || sessionCookie) && (configNoFilter || filterDenyList) && (configNotInScopeOnly || request.isInScope()); ``` -## [FilterAuthenticatedNonBearerTokens.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda) +## [FilterAuthenticatedNonBearerTokens.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda) ### Filter when an Authorization header is present, not empty and does not include a traditional bearer token (beginning with "ey") #### Author: GangGreenTemperTatum (https://github.com/GangGreenTemperTatum) ```java @@ -239,7 +239,7 @@ var sessionCookie = request.headerValue("Cookie") != null && return !excludeAuthorization || sessionCookie; ``` -## [FilterHighlightAnnotateOWASP.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/FilterHighlightAnnotateOWASP.bambda) +## [FilterHighlightAnnotateOWASP.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/FilterHighlightAnnotateOWASP.bambda) ### Filters Proxy HTTP history for requests with vulnerable parameters based on the OWASP Top 25 using the parameter arrays written by Tur24Tur / BugBountyzip (https://github.com/BugBountyzip). #### Author: Shain Lakin (https://github.com/flamebarke/SkittlesBambda) ```java @@ -301,7 +301,7 @@ if (!foundParams.isEmpty()) { return false; ``` -## [FilterOnCookieValue.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/FilterOnCookieValue.bambda) +## [FilterOnCookieValue.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/FilterOnCookieValue.bambda) ### Filters Proxy HTTP history for requests with a specific Cookie value. #### Author: LostCoder ```java @@ -317,21 +317,21 @@ if (requestResponse.request().hasParameter("foo", HttpParameterType.COOKIE)) { return false; ``` -## [FilterOnSpecificHighlightColor.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/FilterOnSpecificHighlightColor.bambda) +## [FilterOnSpecificHighlightColor.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/FilterOnSpecificHighlightColor.bambda) ### Filters requests/responses for specific highlight colors #### Author: Nick Coblentz (https://github.com/ncoblentz) ```java return requestResponse.annotations().highlightColor().equals(HighlightColor.CYAN); ``` -## [FilterOutOptionsRequests.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/FilterOutOptionsRequests.bambda) +## [FilterOutOptionsRequests.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/FilterOutOptionsRequests.bambda) ### Filter out OPTIONS requests. #### Author: Trikster ```java return !requestResponse.request().method().equals("OPTIONS"); ``` -## [FindJSONresponsesWithIncorrectContentType.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda) +## [FindJSONresponsesWithIncorrectContentType.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/FindJSONresponsesWithIncorrectContentType.bambda) ### Finds JSON responses with wrong Content-Type The content is probably json but the content type is not application/json #### Author: albinowax ```java @@ -346,7 +346,7 @@ if (contentType != null && !contentType.contains("application/json")) { return false; ``` -## [GraphQlEndpoints.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/GraphQlEndpoints.bambda) +## [GraphQlEndpoints.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/GraphQlEndpoints.bambda) ### Finds GraphQL endpoints with a 'query' parameter containing a newline. #### Author: Gareth Hayes ```java @@ -378,7 +378,7 @@ for (HttpParameterType type : types) { return false; ``` -## [HighlightDeprecatedHTTPMethods.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/HighlightDeprecatedHTTPMethods.bambda) +## [HighlightDeprecatedHTTPMethods.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/HighlightDeprecatedHTTPMethods.bambda) ### Filters and highlights requests using less common or deprecated HTTP methods like TRACE or CONNECT. #### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) ```java @@ -404,7 +404,7 @@ if (deprecatedMethods.contains(requestMethod)) { return false; ``` -## [HighlightListenerPort.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/HighlightListenerPort.bambda) +## [HighlightListenerPort.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/HighlightListenerPort.bambda) ### Highlight different listener port #### Author: Bogo-6 (https://github.com/Bogo-6) ```java @@ -435,7 +435,7 @@ if (manualColorHighlightEnabled && notes != null) { return color != null || notes != null; ``` -## [HighlightResponsesWithDeveloperNotes.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/HighlightResponsesWithDeveloperNotes.bambda) +## [HighlightResponsesWithDeveloperNotes.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/HighlightResponsesWithDeveloperNotes.bambda) ### Bambda Script to Highlight Responses with Developer Notes This script identifies and highlights HTTP responses containing developer notes in HTML and JavaScript files. It highlights HTML responses in green and JavaScript responses in yellow. #### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) ```java @@ -495,7 +495,7 @@ if (foundDeveloperNotes) { return foundDeveloperNotes; ``` -## [HighlightTrackerServices.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/HighlightTrackerServices.bambda) +## [HighlightTrackerServices.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/HighlightTrackerServices.bambda) ### HighlightTrackerServices: Burp Suite Bambda for Identifying Tracking Services FilterOut Burp Suite history to detect and analyze tracking services from web requests #### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) ```java @@ -537,7 +537,7 @@ for (HttpParameter param : parameters) { return false; ``` -## [HighlightUnencryptedHTTP.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/HighlightUnencryptedHTTP.bambda) +## [HighlightUnencryptedHTTP.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/HighlightUnencryptedHTTP.bambda) ### Bambda Script to Highlight Unencrypted HTTP Traffic Filters Proxy HTTP history for unencrypted (non-HTTPS) requests. #### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) ```java @@ -557,7 +557,7 @@ if (requestUrl.startsWith("http://")) { return false; ``` -## [HostnameInResponse.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/HostnameInResponse.bambda) +## [HostnameInResponse.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/HostnameInResponse.bambda) ### Finds responses which contain the hostname. Useful to identify possible attack surface for host header injection and web cache poisioning attacks. #### Author: emanuelduss ```java @@ -566,7 +566,7 @@ var hostname = requestResponse.request().headerValue("Host"); return requestResponse.hasResponse() && requestResponse.response().contains(hostname, false); ``` -## [IncorrectContentLength.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/IncorrectContentLength.bambda) +## [IncorrectContentLength.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/IncorrectContentLength.bambda) ### Finds responses whose body length do not match their stated Content-Length header. #### Author: albinowax ```java @@ -580,7 +580,7 @@ int declaredContentLength = Integer.parseInt(requestResponse.response().headerVa return declaredContentLength != realContentLength; ``` -## [JSONPForCSPBypass.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/JSONPForCSPBypass.bambda) +## [JSONPForCSPBypass.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/JSONPForCSPBypass.bambda) ### JSONP for CSP bypass. #### Author: Gareth Hayes ```java @@ -610,7 +610,7 @@ for (var param : params) { return false; ``` -## [LargeRedirectResponses.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/LargeRedirectResponses.bambda) +## [LargeRedirectResponses.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/LargeRedirectResponses.bambda) ### Flags redirect responses with a body over 1000 bytes. #### Author: albinowax ```java @@ -620,7 +620,7 @@ return requestResponse.hasResponse() && requestResponse.response().body().length() > 1000; ``` -## [MalformedHttpHeader.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/MalformedHttpHeader.bambda) +## [MalformedHttpHeader.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/MalformedHttpHeader.bambda) ### Finds malformed HTTP headers containing spaces within their names. #### Author: albinowax ```java @@ -628,7 +628,7 @@ return requestResponse.response().headers().stream() .anyMatch(e -> e.name().contains(" ")); ``` -## [MultipleHtmlTags.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/MultipleHtmlTags.bambda) +## [MultipleHtmlTags.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/MultipleHtmlTags.bambda) ### Finds responses with multiple HTML closing tags. #### Author: albinowax ```java @@ -638,7 +638,7 @@ return requestResponse.hasResponse() && requestResponse.response().body().getBytes(), "".getBytes()) > 1; ``` -## [NotesKeywordHighlighter.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/NotesKeywordHighlighter.bambda) +## [NotesKeywordHighlighter.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/NotesKeywordHighlighter.bambda) ### Finds entries with notes containing a specified keyword #### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) ```java @@ -667,7 +667,7 @@ if (requestResponse.annotations().hasNotes()) { return false; ``` -## [OWASPTop25VulnerableParameters.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/OWASPTop25VulnerableParameters.bambda) +## [OWASPTop25VulnerableParameters.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/OWASPTop25VulnerableParameters.bambda) ### Filters Proxy HTTP history for requests with vulnerable parameters based on the OWASP Top 25 #### Author: Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) ```java @@ -713,7 +713,7 @@ for (String param : parameterNames) { return false; ``` -## [RedirectedToParameterValue.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/RedirectedToParameterValue.bambda) +## [RedirectedToParameterValue.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/RedirectedToParameterValue.bambda) ### Finds responses which redirect to locations provided as GET parameters. Useful to identify possible attack surface for open redirects. This can be used for phishing, CSP bypasses or OAuth token stealing. #### Author: emanuelduss ```java @@ -738,7 +738,7 @@ if (request.hasParameters() && response.isStatusCodeClass(StatusCodeClass.CLASS_ return false; ``` -## [ReflectedParameters.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/ReflectedParameters.bambda) +## [ReflectedParameters.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/ReflectedParameters.bambda) ### Finds responses which reflect parameter names and values. Useful to identify possible attack surface for XSS, SSTI, header injection, open redirects or similar. #### Author: emanuelduss ```java @@ -788,7 +788,7 @@ if (request.hasParameters()){ return false; ``` -## [ShowRequestsBetweenDates.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/ShowRequestsBetweenDates.bambda) +## [ShowRequestsBetweenDates.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/ShowRequestsBetweenDates.bambda) ### Shows Requests/Responses before, after, or between specified dates #### Author: Nick Coblentz (https://github.com/ncoblentz) ```java @@ -815,7 +815,7 @@ if (requestsBeforeThisDate != null) return afterCheck && beforeCheck; ``` -## [UrlInParameter.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/HTTP/UrlInParameter.bambda) +## [UrlInParameter.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/HTTP/UrlInParameter.bambda) ### Finds requests containing URLs. Useful to identify possible attack surface for SSRF. #### Author: emanuelduss ```java diff --git a/Proxy/HTTP/RedirectedToParameterValue.bambda b/Filter/Proxy/HTTP/RedirectedToParameterValue.bambda similarity index 100% rename from Proxy/HTTP/RedirectedToParameterValue.bambda rename to Filter/Proxy/HTTP/RedirectedToParameterValue.bambda diff --git a/Proxy/HTTP/ReflectedParameters.bambda b/Filter/Proxy/HTTP/ReflectedParameters.bambda similarity index 100% rename from Proxy/HTTP/ReflectedParameters.bambda rename to Filter/Proxy/HTTP/ReflectedParameters.bambda diff --git a/Proxy/HTTP/ShowRequestsBetweenDates.bambda b/Filter/Proxy/HTTP/ShowRequestsBetweenDates.bambda similarity index 100% rename from Proxy/HTTP/ShowRequestsBetweenDates.bambda rename to Filter/Proxy/HTTP/ShowRequestsBetweenDates.bambda diff --git a/Proxy/HTTP/UrlInParameter.bambda b/Filter/Proxy/HTTP/UrlInParameter.bambda similarity index 100% rename from Proxy/HTTP/UrlInParameter.bambda rename to Filter/Proxy/HTTP/UrlInParameter.bambda diff --git a/Proxy/WS/ExtractPayloadToNotes.bambda b/Filter/Proxy/WS/ExtractPayloadToNotes.bambda similarity index 100% rename from Proxy/WS/ExtractPayloadToNotes.bambda rename to Filter/Proxy/WS/ExtractPayloadToNotes.bambda diff --git a/Proxy/WS/README.md b/Filter/Proxy/WS/README.md similarity index 93% rename from Proxy/WS/README.md rename to Filter/Proxy/WS/README.md index 91161ba..efa2015 100644 --- a/Proxy/WS/README.md +++ b/Filter/Proxy/WS/README.md @@ -3,9 +3,9 @@ This file is auto-generated by BambdaChecker. Please do not manually edit this file, or include any changes to this file in pull requests. --> -# Proxy WebSockets +# Proxy WebSockets Filter Documentation: [Filtering the WebSockets history with Bambdas](https://portswigger.net/burp/documentation/desktop/tools/proxy/websockets-history/bambdas) -## [ExtractPayloadToNotes.bambda](https://github.com/PortSwigger/bambdas/blob/main/Proxy/WS/ExtractPayloadToNotes.bambda) +## [ExtractPayloadToNotes.bambda](https://github.com/PortSwigger/bambdas/blob/main/Filter/Proxy/WS/ExtractPayloadToNotes.bambda) ### Extracts JSON elements from the WebSocket message and displays it in the "Notes" column of the WebSocket History tab #### Author: Nick Coblentz (https://github.com/ncoblentz) ```java