Create SaveTheBestForLast.bambda #45

Closed


BugBountyzip
Contributor

@BugBountyzip BugBountyzip commented Dec 15, 2023

JavaScript

Bambda Contributions

  • Bambda has a valid header, featuring an @author annotation and suitable description
  • Bambda compiles and executes as expected
  • Only .bambda files have been added or modified (README.md files are automatically updated / generated after PR merge)

Burp Suite Bambda for detecting and cataloging hidden endpoints within JavaScript files. Here's a breakdown of its capabilities and features:

  1. Highlighting Important Words: The script can highlight specific words deemed important, like "admin," "debug," "test," and "config." These words are highlighted in red in the final notes for easy identification.

  2. Customizable Scan Types: It offers three scan modes - 'Balanced,' 'Deep,' and 'Custom.'

    • 'Balanced' provides a balance between accuracy and coverage.
    • 'Deep' delves deeper but might include false positives.
    • 'Custom' allows users to define their regex for endpoint detection.
  3. Unique Endpoint Detection: The script uses a HashSet to track and record unique endpoints, effectively eliminating duplicates from the results.

  4. Support for HTML and JavaScript Responses: It processes responses that are either HTML or JavaScript, ensuring that the script's focus remains on relevant data.

  5. Output to File: The discovered endpoints are written to a file named "Data.txt" located in a specified folder. This provides a persistent and accessible record of all findings.

  6. Duplicate and Empty Line Removal: After initial writing, the script re-reads the file, removing any duplicates or empty lines, ensuring a clean and concise list of endpoints.

  7. Highlight Color Customization: The script sets the highlight color based on the type of response (HTML or JavaScript) to improve visual differentiation in Burp Suite's interface.

  8. Error Handling: It includes exception handling for file operations, ensuring stability and providing feedback in case of errors.

  9. Future-Proofing with "Keys and Secrets" Scan: An additional scan type, "Keys and Secrets," is mentioned for future implementation, indicating plans for further enhancement of the script.

  10. Efficient Pattern Matching: Utilizes regular expressions to efficiently parse and identify potential endpoints within the response bodies.

@BugBountyzip
Contributor Author

Hey, I forgot to add the function that will write the notes and highlight the requests. Please wait.

@BugBountyzip
Contributor Author

See demo
image

@BugBountyzip BugBountyzip changed the title Create JavaScriptRouteExplorer.bambda Create SaveTheBestForLast.bambda Dec 17, 2023
@BugBountyzip
Contributor Author

Change log:

  1. Structured Workflow: The script has been divided into distinct stages for better clarity and efficiency:

    • Stage 1: Gathering endpoints from JavaScript files based on the specified scan type ('High', 'Deep', or 'Custom'). The script captures unique endpoints while excluding trivial or specified file types.
    • Stage 2: Writing the gathered endpoints to a file (File.txt), located in the C:\Users\Your\Path directory. The script then reads this file, removes duplicates and empty lines, and rewrites the cleaned data back to the same file.
    • Stage 3: Highlighting requests in Burp Suite's history. If any of the high-value words ('debug', 'admin', 'test', 'config') are found in the endpoints, the script marks the corresponding request with a red highlight. Otherwise, it uses a yellow highlight. Notes are appended to each highlighted request with the relevant endpoints.
  2. Optimization for Performance and Accuracy:

    • Improved regex patterns for endpoint detection to reduce false positives and increase the accuracy of the results.
    • Simplified the logic for checking response types, focusing only on JavaScript files for endpoint extraction.
    • Enhanced the mechanism for writing and reading from the data file to ensure no duplicate endpoints are saved and unnecessary lines are omitted.
  3. User Flexibility:

    • Provided options for users to select from predefined scanning methods or define their own custom regex pattern for endpoint extraction.
    • Enabled a manual color highlight option, allowing users to toggle the highlighting of requests in the history.
  4. Code Cleanliness and Readability:

    • Refactored the code to enhance readability and maintainability.
    • Removed redundant checks and streamlined the process flow to increase script efficiency.

These changes aim to make the script even better, more user-friendly, and adaptable to different use cases, while also ensuring the accuracy and relevance of the data it processes and presents.
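
The three stages in the change log above, sketched as an added stand-alone Java example; it is not the Bambda submitted in this PR. The regex, the static-asset list, the class and method names and the sample input are assumptions, and the file-based clean-up of Stage 2 is replaced by in-memory de-duplication.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class EndpointTriage {
    // Assumed pattern (not from the PR): quoted, root-relative paths such as "/api/v1/users".
    static final Pattern ENDPOINT = Pattern.compile("[\"'`](/[A-Za-z0-9_\\-./]{2,200})[\"'`]");
    // Assumed list of static asset extensions to ignore.
    static final Pattern STATIC_ASSET = Pattern.compile("(?i)\\.(png|jpe?g|gif|svg|css|woff2?|ico)$");
    // High-value words named in the change log.
    static final List<String> HIGH_VALUE = List.of("debug", "admin", "test", "config");

    // Stage 1: collect unique endpoints; the set drops duplicates and keeps first-seen order.
    static Set<String> extract(String jsBody) {
        Set<String> found = new LinkedHashSet<>();
        Matcher m = ENDPOINT.matcher(jsBody);
        while (m.find()) {
            String path = m.group(1);
            if (path.startsWith("//")) continue; // protocol-relative URL, not a path
            if (!STATIC_ASSET.matcher(path).find()) found.add(path);
        }
        return found;
    }

    // Stage 3: red if any endpoint contains a high-value word, yellow otherwise, none if empty.
    static String highlightFor(Set<String> endpoints) {
        if (endpoints.isEmpty()) return "NONE";
        for (String e : endpoints) {
            String lower = e.toLowerCase();
            if (HIGH_VALUE.stream().anyMatch(lower::contains)) return "RED";
        }
        return "YELLOW";
    }

    public static void main(String[] args) {
        // Constructed sample response body, not taken from any real application.
        String js = "fetch('/api/v1/users'); fetch(\"/api/v1/users\");"
                  + "img.src='/static/logo.png'; const c = `/internal/admin/config`;";
        Set<String> endpoints = extract(js);
        System.out.println(endpoints + " -> " + highlightFor(endpoints));
    }
}
```

Substring matching on words such as "test" also flags paths like `/latest`, so a red highlight is a prompt for review rather than a finding.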

@BugBountyzip
Contributor Author

Any help I can provide?

@PortSwiggerWiener
Collaborator

Many thanks for this submission and all your contributions to date with Bambdas.

Unfortunately we cannot accept this bambda as it is essentially a passive scan check rather than a filter. I've updated our guidelines to explicitly state that we won't accept contributions which encroach on Pro functionality to prevent any future confusion.

Please keep innovating and experimenting with Bambdas! I hope to review more PRs from you in the near future :)
