
Proxy HTTP Custom Column

Documentation: Adding a custom column

Add GraphQL operation name column.

Author: PortSwigger

// Column value: the GraphQL "operationName" of a JSON request body, else an empty cell.
var body = requestResponse.request().bodyToString();
var json = utilities.jsonUtils();

if (json.isValidJson(body)) {
    return json.readString(body, "operationName");
}

return "";

Add public CORS column.

Author: PortSwigger

// True only when a response exists and it allows any origin (wildcard CORS header).
if (!requestResponse.hasResponse()) {
    return false;
}

var response = requestResponse.response();
return response.hasHeader("Access-Control-Allow-Origin", "*");

Add Referer header column.

Author: PortSwigger

return requestResponse.request().headerValue("Referer");

Check for a possible CORS vulnerability.

// Column value: the Access-Control-Allow-Origin response header, marked with a
// U+2757 "CORS?" prefix when it simply reflects the request's Origin. Empty cell
// when there is no response or either header is missing.
if (!requestResponse.hasResponse()) {
    return "";
}

var request = requestResponse.request();
var response = requestResponse.response();

if (!request.hasHeader("Origin") || !response.hasHeader("Access-Control-Allow-Origin")) {
    return "";
}

var origin = request.headerValue("Origin");
var allowedOrigin = response.headerValue("Access-Control-Allow-Origin");

if (origin.equals(allowedOrigin)) {
    // A reflected origin is worth a closer look; flag it for follow-up.
    return Character.toString(0x2757).concat("CORS?");
}

return allowedOrigin;

Add email claim from JWT column.

Author: Muhammad Zeeshan (https://gist.github.com/Xib3rR4dAr)

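// Column value: the "email" claim from a JWT carried in the Authorization header.
// The token is only base64-decoded here, never verified, so the value is whatever
// the bearer asserted.
var request = requestResponse.finalRequest();

if (!request.hasHeader("Authorization")) {
    return "";
}

// Read from the same request object that was checked above. The original checked
// finalRequest() but then read request(), which may differ when the request was
// modified before being sent and could leave headerValue null.
var headerValue = request.headerValue("Authorization");

// A compact JWT is header.payload.signature; anything else is left undecoded.
var jwtFrags = headerValue.split("\\.");

if (jwtFrags.length != 3) {
    return "";
}

var payloadJson = utilities().base64Utils().decode(jwtFrags[1], Base64DecodingOptions.URL).toString();

// Don't query a payload that didn't decode to JSON.
if (!utilities().jsonUtils().isValidJson(payloadJson)) {
    return "";
}

return utilities().jsonUtils().readString(payloadJson, "email");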

Extracts the JWT alg value from a JWT stored in the session cookie.

Author: trikster

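// Column value: the "alg" header of a JWT held in the "session" cookie, else an empty cell.
// Only the JWT header is base64-decoded; nothing about the token is verified.
var request = requestResponse.finalRequest();

if (!request.hasParameter("session", HttpParameterType.COOKIE)) {
    return "";
}

var cookieValue = request.parameter("session", HttpParameterType.COOKIE).value();

// A compact JWT is header.payload.signature; anything else is left undecoded.
var jwtFrags = cookieValue.split("\\.");

if (jwtFrags.length != 3) {
    return "";
}

var headerJson = utilities().base64Utils().decode(jwtFrags[0], Base64DecodingOptions.URL).toString();

// find() with optional whitespace around the colon tolerates pretty-printed headers
// (e.g. "alg": "HS256"), which the previous anchored matches() pattern rejected.
var matcher = Pattern.compile("\"alg\"\\s*:\\s*\"(\\w+)\"").matcher(headerJson);

return matcher.find() ? matcher.group(1) : "";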

Extracts Referer request header. Useful to identify sensitive data leakage via Referer header like OIDC authorization codes.

Author: emanuelduss

return requestResponse.request().hasHeader("Referer") ? requestResponse.request().headerValue("Referer") : "";

Extracts the method name and an example value from a SOAP request.

Author: Nick Coblentz (https://github.com/ncoblentz)

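// Column value for SOAP requests: the name of the first element inside the Body plus
// the text of any Username element, space-separated (trailing space kept as before).
// Empty cell for non-SOAP requests or bodies without an <s:Body element.
var request = requestResponse.request();

if (!request.hasHeader("Content-Type") || !request.headerValue("Content-Type").contains("soap+xml")) {
    return "";
}

// Read the body once instead of converting it twice.
String body = request.bodyToString();
if (!body.contains("<s:Body")) {
    return "";
}

// Group 1: a Username element's text; group 2: the first element name after Body.
// Namespace prefixes are optional in both alternatives.
Matcher m = Pattern.compile(
        "<(?:[a-zA-Z0-9]+:)?Username>([^<]+)</(?:[a-zA-Z0-9]+:)*Username>|<(?:[a-zA-Z0-9]+:)*Body[^>]*><([^ ]+)",
        Pattern.CASE_INSENSITIVE).matcher(body);

StringBuilder builder = new StringBuilder();
while (m.find()) {
    // groupCount() is a fixed property of the pattern (2), so it needs no loop guard;
    // only the matched alternative's group is non-null.
    for (int i = 1; i <= m.groupCount(); i++) {
        if (m.group(i) != null) {
            builder.append(m.group(i)).append(' ');
        }
    }
}

return builder.toString();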

Extracts the value of the Server header from the response

Author: agarri_fr

// Column value: the Server response header, or an empty cell when there is no
// response or no such header.
if (!requestResponse.hasResponse()) {
    return "";
}

var response = requestResponse.response();
return response.hasHeader("Server") ? response.headerValue("Server") : "";

Displays the response time once the specified threshold is exceeded.

Author: l4n73rn

// Column value: time from request sent to start of response, in milliseconds, shown
// only once it reaches the threshold; otherwise an empty cell.
var threshold = Duration.ofSeconds(3);
var delta = requestResponse.timingData().timeBetweenRequestSentAndStartOfResponse();

// Whole-millisecond threshold, so Duration comparison matches comparing toMillis().
if (delta == null || delta.compareTo(threshold) < 0) {
    return "";
}

return delta.toMillis();

Extracts the WCF SOAP Binary Method from the Request

Author: Nick Coblentz (https://github.com/ncoblentz)

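// Column value for WCF binary SOAP (application/soap+msbin1) requests: the method name
// that follows the service namespace in the body, up to the "@" delimiter. Empty cell
// otherwise.
var request = requestResponse.request();

if (!request.hasHeader("Content-Type") || !request.headerValue("Content-Type").equals("application/soap+msbin1")) {
    return "";
}

String body = request.bodyToString();

// Looks like a placeholder: set this to the XML namespace used by the target service.
String prefix = "www.examplewebsite.com/xmlnamespace/";

// indexOf() returns -1 when absent; the original tested > 0 and so dropped a match at offset 0.
int start = body.indexOf(prefix);
if (start < 0) {
    return "";
}

int methodStart = start + prefix.length();
int end = body.indexOf("@", methodStart);
if (end < 0) {
    return "";
}

return body.substring(methodStart, end);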