Bambdas collection for Burp Suite Professional and Community.
License: GNU Lesser General Public License v3.0
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot]")
I'm surprised to see that this bambda is looking for a Authorization header in responses. Maybe that exists, but it seems quite uncommon to send back a JWT that way.
Here's my own version, looking for JWT in request header Authorization
if (requestResponse.hasResponse() && requestResponse.request().hasHeader("authorization")) {
var authValue = requestResponse.request().headerValue("authorization");
if (authValue.startsWith("Bearer ey")) {
if (authValue.split("\\.").length == 3) {
return true;
}
}
}
return false;Line 12 can be safely removed (the variable is defined but not used)
Dear PortSwigger Team,
I have successfully secured the Twitter handles @Bambdas and @Bambda_Store. These accounts will serve as valuable resources for sharing our latest Bambda scripts upon their release. Our vision is to create an interactive space where the community can engage in exchanging ideas, showcasing their script creations, and learning from one another.
We believe that this community-focused initiative will greatly enhance the visibility and growth of Burp Suite, particularly in showcasing the versatility and utility of Bambda scripts. I am excited about the potential of these accounts to foster collaboration and innovation within our user base.
Looking forward to your thoughts and support in this endeavor.
Best regards,
Is it possible to retain the state between requests? E.g., I want to show only one instance of each unique request. Could I calculate an MD5 hash of each request and compare it to a list of "I've seen this one before"'s before choosing to display it?
If not, could this be added as a feature in a future version of Bambdas?
Hi PortSwigger ,
It's possible to filter burp history to get unique endpoints that contains "something" e.g. if I have
https://url/path?url=ssss
https://url/path?url=dddd
https://url/user
and the three contains "something" in their responses so it's possible to filter that and only get unique endpoints based on HOST AND Path e.g.
https://url/path?url=ssss
https://url/user
thanks
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.