Does this skill parse .burp files natively?

No, it delegates parsing to Burp Suite Professional and requires the burpsuite-project-file-parser extension to be installed.

Can I use regex to search for vulnerabilities?

Yes, you can use regex patterns to search specifically within response headers or bodies to find indicators of vulnerabilities like CORS misconfigurations or leaked credentials.

Which operating systems are supported?

The skill is compatible with both macOS and Windows, provided the BURP_JAVA and BURP_JAR environment variables are correctly configured.

How does the skill handle very large Burp project files?

The skill enforces mandatory truncation rules, such as limiting response bodies to 1000 characters and using sub-component filters to prevent gigabytes of data from entering the context window.

Do I need Burp Suite Professional to use this skill?

Yes, Burp Suite Professional must be installed as it provides the underlying engine for reading and processing project files.

Burp Suite Project Parser

Name: Burp Suite Project Parser
Author: trailofbits

bytrailofbits

•

938

セキュリティとテスト

Searches and extracts security data from Burp Suite project files using regex patterns and command-line tools.

概要

This skill enables Claude to interact with Burp Suite Professional project files (.burp) via the command line, facilitating advanced security research and audit workflows. It allows for regex-based searching of request/response headers and bodies, extraction of security findings (audit items), and targeted analysis of proxy history or site maps. By delegating parsing to the Burp Suite engine through a specialized extension, it provides a powerful way to automate the triage of vulnerabilities and explore captured HTTP traffic directly within the development environment while maintaining strict output limits for performance.

主な機能

Sub-component filtering to retrieve specific data like site maps or proxy history
Regex-based searching across HTTP request/response headers and bodies
Safety-first output truncation to prevent context window overflow
Extraction of security audit items with severity and confidence filtering
Standardized JSON output compatible with jq for complex data processing
938 GitHub stars

ユースケース

Triaging high-severity findings from automated Burp Suite security scans
Searching proxy history for specific server signatures or sensitive data patterns
Mapping an application's attack surface by extracting unique URLs from a site map

概要

主な機能

Sub-component filtering to retrieve specific data like site maps or proxy history
Regex-based searching across HTTP request/response headers and bodies
Safety-first output truncation to prevent context window overflow
Extraction of security audit items with severity and confidence filtering
Standardized JSON output compatible with jq for complex data processing
938 GitHub stars

ユースケース

Triaging high-severity findings from automated Burp Suite security scans
Searching proxy history for specific server signatures or sensitive data patterns
Mapping an application's attack surface by extracting unique URLs from a site map