Can I search for specific vulnerabilities using this skill?

Yes, you can use regex patterns to search for specific strings in headers or bodies, or extract structured audit findings directly from the project file.

What prerequisites are needed to use this skill?

You must have Burp Suite Professional installed, the burpsuite-project-file-parser extension added to Burp, and Java configured in your environment variables.

How does it prevent the AI context from overflowing with large proxy data?

The skill enforces strict truncation rules, limiting individual response bodies to 1000 characters and total output to 50KB to ensure performance and stability.

Is it safe to dump the entire proxy history?

Dumping full history is discouraged as it can reach gigabytes in size. The skill recommends using sub-component filters like 'proxyHistory.request.headers' for safer data retrieval.

Does this skill work with Burp Suite Community Edition?

No, this skill requires Burp Suite Professional as it relies on professional-only features and extensions to parse .burp project files.

Burp Suite Project Parser

Name: Burp Suite Project Parser
Author: fjor1025

byfjor1025

0•

セキュリティとテスト

Extracts and analyzes security audit findings, proxy history, and HTTP traffic from Burp Suite project files via the command line.

This skill enables Claude to interact with Burp Suite Professional project files (.burp) directly from the terminal. By leveraging the burpsuite-project-file-parser extension, it allows users to search response headers and bodies using regex, extract security audit findings, and analyze captured HTTP traffic without leaving the command-line interface. It is designed with strict data-handling constraints to ensure that large proxy histories or response bodies do not overwhelm the AI's context window, making it an essential tool for security researchers and penetration testers performing deep-dive analysis during security assessments.

主な機能

01Extraction of security audit findings with severity and confidence levels

02Automated output truncation to prevent context window overflow

030 GitHub stars

04Safe retrieval of proxy history and site map data using sub-component filters

05Integration with jq for advanced data filtering and JSON processing

06Regex searching across response headers and bodies

ユースケース

01Searching for specific vulnerabilities like hardcoded credentials or PII in HTTP response bodies

02Reviewing and triaging high-severity security findings from a Burp Suite Professional audit

03Mapping an application's attack surface by extracting unique URLs from proxy history

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fjor1025/infosec-framework skills

For use in Claude.ai and ChatGPT

Download Skill