Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Use Bambdas to filter based on Original request instead of Modified request

Elliot | Last updated: Mar 11, 2024 05:07PM UTC

A typical usage pattern for me in application testing is that I will write python scripts to automate various attacks against endpoints &c. What I want to do is add a header each request of the form "Script-Name: sys.argv[0]". My burp configuration json file has an entry in `.proxy.match_replace_rules` of the form ``` { "comment":"Strip out Script-Name Header string", "enabled":true, "is_simple_match":false, "rule_type":"request_header", "string_match":"^Script-Name: .*$" } ``` Basically the idea is to add some metadata to the requests for my purposes, but strip it out before sending it on to the remote server. (Not stripping it out has not mattered yet, but it seems like better opsec in general). Both parts of the sequence work, and my Burp Proxy History has entries with Original and Auto-Modified requests. However, if I write a bambda search function of the form ``` return requestResponse.request().hasHeader("Script-Name") ``` I get no results. (This is also the case if I use `requestResponse.finalRequest()`). I can't find any way to filter based on the original request. There are ways of tagging the requests w/o that tag information being useful to the remote server (e.g. the version of Firefox in the User-Agent header could be set to some number based on the script in use, I was already sending other tools through different ports), but it would be easier in general if I could just filter based on original requests. Is there already a way to do this—I could have easily missed the relevant part of the documentation—or does this need to be added?

Michelle, PortSwigger Agent | Last updated: Mar 12, 2024 02:09PM UTC

Hi You haven't missed anything in the documentation. Currently, you can only filter on the requests that have been sent by the Proxy (and the responses received by the Proxy). We are tracking requests for other potential use cases, so we'll note this on the list, although we can't make any promises at this stage. In the meantime, if you could add a comment to the requests, you could then potentially filter on the comment instead and look at creating an extension to do this: https://portswigger.net/burp/documentation/desktop/extensions/creating https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/proxy/http/ProxyRequestHandler.html I hope this helps. Please let me know if you have any questions.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.