Burp Suite User Forum

How is the ProxyHistoryFilter used?

John | Last updated: Jun 17, 2023 10:47AM UTC

I am trying to use the new ProxyHistoryFilter API to filter messages with custom logic. The general idea is to transform an encoded request/response body, then use the user's supplied regex/text to search that. However, the problem is that the interface only checks the contents of the request/response body, because this function doesn't also take the contents of the search pane in the Proxy window. What is the best way to read this data? I did not see it in the new Montoya API, and digging around in the legacy API did not seem to show it either.

Hannah, PortSwigger Agent | Last updated: Jun 21, 2023 10:18AM UTC

Hi

Can you provide more information on the functionality you are trying to implement?

You don't have to match on the contents of the request/response body. You can retrieve any of the information associated with your ProxyRequestResponse item.

I've included an example that matches against a request header.

import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.proxy.ProxyHistoryFilter;
import burp.api.montoya.proxy.ProxyHttpRequestResponse;

import java.util.List;

public class ProxyHistoryFilterExtension implements BurpExtension
{
    @Override
    public void initialize(MontoyaApi api)
    {
        api.extension().setName("Test proxy history filter");

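        // Match history items whose final request carries this exact Host header.
        ProxyHistoryFilter phf = requestResponse -> requestResponse.finalRequest().headers()
                .contains(HttpHeader.httpHeader("Host", "portswigger-labs.net"));

        // Query the proxy history through the filter.
        List<ProxyHttpRequestResponse> matchedItems = api.proxy().history(phf);

        // Log the URL of each matching item to the extension output.
        matchedItems.forEach(i -> api.logging().logToOutput(i.finalRequest().url()));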
    }
}

John | Last updated: Jun 29, 2023 12:51PM UTC

Hi Hannah, thanks for your reply. Our client has a custom encryption protocol for message bodies. Using Extender to make a tool to decrypt these in a separate Burp window is ok. What I would like to do is use the Burp History Filter to be able to search these, that is, to enter a string and return requests that have that string in their decrypted body. I can see above that searching based on a fixed string is fine, but during testing we have the need to search custom queries. Thanks, John

Hannah, PortSwigger Agent | Last updated: Jul 03, 2023 01:35PM UTC

Hi John

As part of your extension, could you encrypt your search string, then look for the encrypted text or byte sequence within the body of the requests/responses using the ProxyHistoryFilter?
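
An alternative to matching on ciphertext, as an added example that is not part of the original thread or PortSwigger's code: decode each body inside the filter and apply the tester's regex to the plaintext. The `DECODER` (Base64 standing in for the client's scheme, which the thread does not show), the class names and the sample query are assumptions.

```java
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.proxy.ProxyHistoryFilter;
import burp.api.montoya.proxy.ProxyHttpRequestResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.function.UnaryOperator;
import java.util.regex.Pattern;

public class DecodedBodySearchExtension implements BurpExtension
{
    // Assumption: placeholder for the client's decryption routine; Base64 stands in for it.
    static final UnaryOperator<byte[]> DECODER = body -> Base64.getDecoder().decode(body);

    static class DecodedBodyFilter implements ProxyHistoryFilter
    {
        private final Pattern query;
        DecodedBodyFilter(Pattern query) { this.query = query; }

        @Override
        public boolean matches(ProxyHttpRequestResponse item)
        {
            HttpResponse response = item.originalResponse(); // guard below in case none was recorded
            return found(item.finalRequest().body())
                    || (response != null && found(response.body()));
        }

        private boolean found(ByteArray body)
        {
            if (body == null || body.length() == 0) return false;
            try {
                String clear = new String(DECODER.apply(body.getBytes()), StandardCharsets.UTF_8);
                return query.matcher(clear).find();
            } catch (RuntimeException e) {
                return false; // body was not in the expected encoding: treat as no match
            }
        }
    }

    @Override
    public void initialize(MontoyaApi api)
    {
        api.extension().setName("Decoded body search");
        // Constructed sample query; a real extension would read it from its own UI field.
        Pattern query = Pattern.compile("account_id=\\d+");
        api.proxy().history(new DecodedBodyFilter(query)).forEach(i -> api.logging().logToOutput(i.finalRequest().url()));
    }
}
```

Searching for the encrypted form of the query only finds matches when the scheme turns the same plaintext substring into the same bytes wherever it occurs; decoding first removes that dependency.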