# PortSwigger - Burp Suite

Burp Suite is a powerful tool used for web application security testing. It comes in two versions: Community and Pro, each offering different features and capabilities.

# 🛠 Versions

# Community Edition

The Community Edition is free to use, with limited features. It's suitable for individual testing or learning, but lacks advanced functionalities available in the Pro version.

# Professional Edition

The Professional Edition provides advanced features such as Intruder, Repeater, and other automation capabilities. It requires a paid license but is more suited for professionals and large-scale testing.


# 💻 Installation

# Windows

  1. Download the installer from the official website: Burp Suite Downloads.
  2. Run the installer and follow the prompts.
  3. After installation, launch Burp Suite from the Start Menu.

# Linux

  1. Download the latest .tar file from the Burp Suite Downloads page.
  2. Extract the archive:

     ```bash
     tar -xvzf burpsuite_free_vX.X.X.tar.gz
     ```

  3. Navigate to the extracted folder and run:

     ```bash
     ./burpsuite
     ```

# macOS

  1. Download the .dmg file from the Burp Suite Downloads page.
  2. Open the .dmg file and drag the Burp Suite application to your Applications folder.
  3. Launch Burp Suite from the Applications folder.

# 🧩 Bambdas

Bambdas are short Java snippets that let you filter requests based on specific conditions, reducing noise in your Proxy History.

# GitHub Examples

For more examples, visit the official GitHub repository: Bambdas Examples

# Filtering Requests Based on Content

This script filters out requests containing certain keywords or MIME types, helping to declutter the Proxy History.

```java
var mimeType = requestResponse.mimeType();

// Drop items whose request or response contains a noise keyword (case-sensitive match).
if (requestResponse.contains("junkdata", true)) { return false; }
if (requestResponse.contains("/trash/", true)) { return false; }

// Keep only in-scope items whose MIME type is not static or binary content.
return requestResponse.request().isInScope()
    && mimeType != MimeType.CSS
    && mimeType != MimeType.IMAGE_UNKNOWN
    && mimeType != MimeType.IMAGE_JPEG
    && mimeType != MimeType.IMAGE_GIF
    && mimeType != MimeType.IMAGE_PNG
    && mimeType != MimeType.IMAGE_BMP
    && mimeType != MimeType.IMAGE_TIFF
    && mimeType != MimeType.UNRECOGNIZED
    && mimeType != MimeType.SOUND
    && mimeType != MimeType.VIDEO
    && mimeType != MimeType.FONT_WOFF
    && mimeType != MimeType.FONT_WOFF2
    && mimeType != MimeType.APPLICATION_UNKNOWN;
```

# 🎨 Colors

This feature allows you to highlight specific requests with custom colors, which is useful for quickly identifying important items.

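```java
// Highlight items that reference the current-user endpoint (case-sensitive match).
if (requestResponse.contains("/user/v1/current", true)) {
    requestResponse.annotations().setHighlightColor(HighlightColor.YELLOW);
    return true;
}
// A Bambda must return a boolean on every path. false hides non-matching items;
// return true here instead to keep every item visible.
return false;
```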

# 🔗 URL Check

This checks the URL content and highlights in yellow any request that contains a specific string (e.g., ?key=).

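```java
var reqUrl = requestResponse.request().url();

// Highlight requests whose URL carries the given string.
if (reqUrl.contains("?key=")) {
    requestResponse.annotations().setHighlightColor(HighlightColor.YELLOW);
    return true;
}
// A Bambda must return a boolean on every path. false hides non-matching items;
// return true here instead to keep every item visible.
return false;
```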
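
The substring check above matches only when `key` is the first query parameter (`?key=`), not when it follows another one (`&key=`). As an added example (not from the original page or PortSwigger's repository), this Proxy history Bambda generalizes the check by walking the parsed URL parameters, which helps when reviewing traffic for secrets exposed in query strings; the `sensitive` name list is a constructed assumption to adapt to the application under test.

```java
// Added example: Proxy HTTP history filter Bambda.
// "sensitive" is a constructed list of parameter names (an assumption, not from the page).
var sensitive = java.util.Set.of("key", "api_key", "apikey", "token", "access_token");

var request = requestResponse.request();

// Keep the history focused on the target under test.
if (!request.isInScope()) {
    return false;
}

// Inspect parsed parameters rather than substring-matching the URL, so the
// parameter is found in any position of the query string.
for (var param : request.parameters()) {
    // Only query-string parameters are of interest here; body and cookie parameters are skipped.
    boolean inQuery = param.type()
            == burp.api.montoya.http.message.params.HttpParameterType.URL;
    String name = param.name().toLowerCase(java.util.Locale.ROOT);

    if (inQuery && sensitive.contains(name)) {
        var annotations = requestResponse.annotations();
        annotations.setHighlightColor(HighlightColor.YELLOW);
        // The note records which parameter triggered the highlight.
        annotations.setNotes("Sensitive query parameter: " + param.name());
        return true;
    }
}

// Hide everything else; return true here instead to keep all in-scope items visible.
return false;
```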