
CQURE Hacks #67 Burp Suite introduction to Bambdas

In this demonstration, we explore the Bambda mode in Burp Suite, a powerful feature for filtering HTTP history that goes beyond the basic filtering capabilities.

The Burp HTTP history Filter window allows users to filter and navigate through the list of HTTP requests and responses captured during web pentesting. Burp’s default option for filtering HTTP history responses is called Settings Mode, which allows for basic filtering of HTTP results by different file types, response codes, and other simple criteria.

To obtain more precise results, we can use the Bambda mode, which allows users to create more complex conditions for searching HTTP proxy history, providing much greater flexibility than the standard Settings Mode.

Basic Bambda Operation

The Bambda’s basic condition is return true. When this condition is applied, all requests appear – both items with and without responses, with all types of status codes (like 404 errors) and so on. When Bambda mode is active, the information showing the type of filtered results on the HTTP history bar displays “Bambda mode.”

Creating Advanced Filters

We can add more sophisticated conditions to our filter. For example, to filter for specific server responses:

  1. Select Request.response, then Response, then has header as the value
  2. Provide the string “server” and the phrase “Cloudflare”

In the HTTP history window, results will show only those server responses that contain the header named “server” with the Cloudflare value.

Managing Bambda Filters

Bambda filters can be saved for future use:

  • Select Settings, then the Save option
  • Provide a file name and click Save
  • To restore defaults: select Settings and then Restore Default option
  • To load a previously saved filter: select Load option and indicate the file where the filter was saved earlier

Converting Settings Mode to Bambda

There’s a useful feature to convert existing Settings mode filters to Bambda format:

  1. Go to the Settings option
  2. Select Restore Defaults
  3. Click the “Convert to Bambda” button

This option allows you to convert the Settings mode filter result to Bambda. All Settings mode settings are saved as a Bambda mode filter.

Community Resources

Ready-made Bambda scripts, created by pentesters and software producers, are available on the Internet. These can be found on GitHub at PortSwigger/bambdas/tree/main. From that page, you can select “Proxy HTTP filters” to see various types of sample filters.

One practical example is the DetectServerNames.bambda filter:

  • At the beginning of the filter, server names are defined
  • The filter limits results to only requests that get a response
  • The filter defines a header named “server”
  • When the filter finds a header named “SERVER” containing an entry with server name, such a request is marked in red
  • In the notes section of this request, it enters information about finding such a header

Practical Implementation

When the DetectServerNames filter runs, matching requests are marked in RED. Clicking on one of these requests reveals that the response contains a server header (such as a “server” header with the value Amazon S3) and that the notes section contains information about finding such a header.

If the filter doesn’t find certain headers (for example, a “server” header with the value CloudFlare), it’s because that name wasn’t added to the filter. You can add the CloudFlare value to the filter yourself. After adding the CloudFlare value, the filter finds many more results.
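
A filter along the lines described above, written here as an added example (it is not the DetectServerNames.bambda source and not code from the original post). It assumes the objects Burp exposes to proxy HTTP history Bambdas (requestResponse, HighlightColor); the short name list is constructed, and matching is case-insensitive so that “CloudFlare” and “cloudflare” are both caught.

```java
// Added example: paste into Proxy > HTTP history > Filter > Bambda mode.
// Burp supplies `requestResponse`; the server-name list below is constructed.
Set<String> serverNames = Set.of(
        "cloudflare", "amazons3", "nginx", "apache", "microsoft-iis");

// Items that never received a response have no headers to inspect.
if (!requestResponse.hasResponse()) {
    return false;
}

// Find the Server header, comparing the header name case-insensitively
// ("server", "Server" and "SERVER" are the same HTTP header).
String server = null;
for (var header : requestResponse.response().headers()) {
    if (header.name().equalsIgnoreCase("Server")) {
        server = header.value();
        break;
    }
}
if (server == null) {
    return false; // no banner disclosed in this response
}

// Compare the banner in lower case so the casing used by the server
// (CloudFlare / cloudflare) does not cause a miss.
String banner = server.toLowerCase();
for (String name : serverNames) {
    if (banner.contains(name)) {
        // Mark the row and record what was found, as the page describes.
        requestResponse.annotations().setHighlightColor(HighlightColor.RED);
        requestResponse.annotations().setNotes("Server header found: " + server);
        return true;
    }
}

// A Server header is present but names nothing in the list: hide the item.
return false;
```

Adding a new product to the list only requires a lower-case entry in serverNames; the highlighted rows then give a quick inventory of responses that disclose their server software.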

Conclusion

This demonstration shows how Bambda mode in Burp Suite provides powerful, flexible filtering capabilities that go far beyond basic Settings Mode, allowing penetration testers to create precise conditions for analyzing HTTP traffic effectively. We hope you found this one useful!


And if you’re hungry for more cybersecurity knowledge, we’ve opened the registration for our 6-week Advanced Windows Security Course 2026, ensuring you’re prepared for the threat landscape of the next year!
