forked from PortSwigger/bambdas
Pull new bambdas from portswigger #3
Open
intrudir wants to merge 122 commits into NetSPI:main from PortSwigger:main
It ensures there is a response and scans the headers for either the absence of the Referrer-Policy header or the presence of policies that may expose sensitive referrer information.
This script checks if the HTTP response contains a weak or misconfigured "X-XSS-Protection" header.
Create DetectWeakReferrerPolicy.bambda
Remove redundant header check.
Create DetectWeakXSSProtectionHeader.bambda
Search graphql mutation
…onDomains.bambda Update Description
Create RemoveDirtyPackageHistory
* BURP-11233. Update for Bambda Library - add metadata to existing bambdas, including BambdaChecker-1.4 * BURP-11233. Finalising updates for Bambda Library * Update .2 repo with all new bambdas in preparation for merge --------- Co-authored-by: Ryan Lilker <[email protected]>
Update actions to v4 and use Java 21.
Add Bambda library template bambdas.
Update pull_request_template message.
* Add Custom Actions * Update my Custom Actions * Move comment * Move comment --------- Co-authored-by: Hannah-PortSwigger <[email protected]>
* Add files via upload * Update ProbeForRaceCondition.bambda
* Adding a custom action to take and edit screenshots from Burp. * Added author to Screenshot.bambda * Update Screenshot.bambda * Add bambda description --------- Co-authored-by: martin.doyhenard <[email protected]> Co-authored-by: Hannah-PortSwigger <[email protected]>
* Fix No @author tag defined. * Fix no javadoc defined.
* Add CORS misconfiguration Bambda. * Use a random string for the domain extension.
Extracts the email claim from a JWT in the request's Authorization header and displays it as a custom column in the HTTP history.
Added Email Splitting scan checks using client & default Collaborator.
HTTP cookie prefix bypass custom scan check
…ces the $random placeholder in the request. The string is generated using a regular expression class received from the user input dialog.
This Custom Action creates a random string based on a regex class from the user
* Update webhook messages. * Additional cleanup. * Update description for Discord message.
Update to make the relationship between BChecks and Bambda custom scan checks clearer
Update to make contributing guidelines clearer for Java vs BCheck scan checks
…JSON input, securing both with nonces. Added detection for Hackvertor tags to reject unsafe requests and responses. (#150)
* Add CVE-2025-55182 React2Shell Bambda * Add CVE-2025-55182 (now with prettier formatting) * Add files via upload
* Update webhook messages. * Additional cleanup.
* Refactored Hacking Assistant to separate user prompts from untrusted JSON input, securing both with nonces. Added detection for Hackvertor tags to reject unsafe requests and responses. * Added CSP bypass CustomAction that reads the CSP, detects if scripts are blocked, then looks for a CSP bypass. * Add disclaimer and a note about the HTTP request
* Update formatting of CSP Bypass bambda * Fix header comment
* Split into separate jobs. * Refactor. * Fix extraction logic. * Add function and location.
Bambda Contributions
@author annotation and suitable description