Bambdas enable you to run Java-based code to customize Burp Suite directly from the UI.
Bambdas can run arbitrary code. For security reasons, please be cautious when using Bambdas from unverified sources.
You can currently create Bambdas to help filter the following:
If you're using Burp Suite Professional, you can also use Bambdas in the following ways:
To create custom columns in the following tables:
Proxy HTTP history
Proxy WebSockets history
Logger
The Montoya API makes various objects available to help you write your Bambdas.
To learn what a Bambda is and see a couple of examples, watch the Burp Suite Shorts | Bambdas video on YouTube.
For feature-specific instructions on how to create Bambdas for filtering tables, see the following pages:
For feature-specific instructions on how to create Bambdas for adding custom columns to tables, see the following pages:
For instructions on how to create Bambdas for HTTP match and replace rules, see Match and replace - Bambda mode.
Using slow running or resource-intensive Bambdas can slow down Burp. Write your Bambda carefully to minimize performance implications.
You can save Bambdas as a JSON file. This makes it easy for you to migrate your configuration to other projects.
To save a Bambda:
Your Bambda downloads as a JSON file.
You can load a saved Bambda into other projects.
To load a Bambda:
Your Bambda is now loaded in Burp.
Bambdas are only compatible with the tool that they were exported from. For example, a Bambda created for filtering the HTTP history cannot be loaded in a different Burp tool.
There are two types of error you may encounter when working with Bambdas: compilation and runtime.
Burp highlights compilation errors in real time by underlining them in red in the Bambda mode editor. You must resolve any compilation errors before Burp can apply your Bambda.
To display details of the error, hover over the red underline. If you click Apply while your Bambda contains compilation errors, the error details are shown in the Compilation errors tab.
Runtime errors can occur after a Bambda has been applied. If Burp detects any runtime errors, a warning appears on the filter bar. Click on the filter bar to view the error details, and make changes to the code.
When you write a Bambda, you can share it with the community. This collaboration enables the community to access an ever-growing library of Bambdas through our Bambdas repository on GitHub.
Before you contribute your Bambda, please make sure it meets our submission guidelines.
We also recommend that you run the Bambda Checker before submitting. The Bambda Checker is a Java tool that verifies Bambdas and generates README.md files before submission.
After you've confirmed your Bambda meets our guidelines, please follow these steps to submit it:
Fork the Bambdas repository on GitHub, then clone this fork to your local machine.
Create a new branch for your changes.
Place a new .bambda file in the appropriate directory. The directory structure of the repo is broken down by Bambda type and tool. For example, a custom column Bambda for Logger would be placed in the Custom Columns > Logger directory.
Make any necessary changes.
Push the changes to your fork.
Open a pull request. Make sure to include a concise description of your Bambda in the request.
Your submission will be reviewed by both the community and our team. We encourage you to actively and constructively engage with any feedback received during this process.
If your submission includes multiple Bambdas, you may be asked to split it into multiple pull requests. This could happen if some Bambdas require further feedback, while others are ready to merge.