Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How is the ProxyHistoryFilter used?

John | Last updated: Jun 17, 2023 10:47AM UTC

I am trying to use the new ProxyHistoryFilter API to filter messaged with custom logic. the general idea is to transform an encoded request/response body then use the user's supplied regex/text to search that. However, the problem is that the interface only checks the contents of the request/response body, because this function doesn't also take the contents of the search pane in the Proxy window. What is the best way to read this data? I did not see it in the new montoya API and digging around in the legacy API did not seem to show it either.

Hannah, PortSwigger Agent | Last updated: Jun 21, 2023 10:18AM UTC

Hi

Can you provide more information on the functionality you are trying to implement?

You don't have to match on the contents of the request/response body. You can retrieve any of the information associated with your ProxyRequestResponse item.

I've included an example that matches against a request header.
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.proxy.ProxyHistoryFilter;
import burp.api.montoya.proxy.ProxyHttpRequestResponse;

import java.util.List;

public class ProxyHistoryFilterExtension implements BurpExtension
{
    @Override
    public void initialize(MontoyaApi api)
    {
        api.extension().setName("Test proxy history filter");

        ProxyHistoryFilter phf = requestResponse -> requestResponse.finalRequest().headers().contains(HttpHeader.httpHeader("Host", "portswigger-labs.net"));

        List<ProxyHttpRequestResponse> matchedItems = api.proxy().history(phf);

        matchedItems.forEach(i -> api.logging().logToOutput(i.finalRequest().url()));
    }
}

John | Last updated: Jun 29, 2023 12:51PM UTC

Hi Hannah, thanks for your reply. Our client has a custom encryption protocol for message bodies. Using Extender to make a tool to decrypt these in a seperate Burp window is ok. What I would like to do is use the Burp History Filter to be able to search these- that is, to enter a string and return requests that have that string in their decrypted body. I can see above that searching based on a fixed string is fine, but during testing we have the need to search custom queries. Thanks, John

Hannah, PortSwigger Agent | Last updated: Jul 03, 2023 01:35PM UTC