Burpsuite Project Parser
Plugin · Active
Search and extract data from Burp Suite project files (.burp) for security analysis
To enable programmatic searching and extraction of security-relevant data from Burp Suite project files for detailed analysis and auditing.
Features
- Search response headers and bodies with regex
- Extract security audit findings
- Dump proxy history and site map entries
- Filter output for specific data components
Use Cases
- Analyze security vulnerabilities found by Burp Suite
- Extract specific HTTP traffic patterns for further investigation
- Automate the process of finding specific data within Burp project files
- Integrate Burp Suite findings into broader security workflows
Non-Goals
- Directly parsing .burp files without Burp Suite Professional
- Replacing the Burp Suite UI for full manual inspection
- Performing active scanning or modifying Burp Suite's configuration
Documentation
- warning: Configuration & parameter reference. The README mentions optional `jq` but does not explicitly document its parameters or precedence. Environment variables like `BURP_JAVA` and `BURP_JAR` are mentioned but their usage and expected formats could be more explicit.
Scope
- warning: Minimal I/O surface. The `responseBody` search operation is described as requiring truncation to 1000 characters, indicating a potential for large outputs if not strictly managed, and the `proxyHistory` and `siteMap` operations are explicitly discouraged for full dumps due to size.
Code Execution
- warning: Validation. While the README provides guidance on filtering and output limits, there is no explicit mention or evidence of input validation libraries (like Zod or Pydantic) being used for arguments passed to the wrapper script.
- info: Error Handling. The README provides extensive guidance on output limits and handling large files, suggesting an awareness of potential issues, but does not detail specific error handling mechanisms for script failures or malformed inputs.
Portability
- warning: Runtime stability. The README details platform-specific environment variables (`BURP_JAVA`, `BURP_JAR`) for macOS, Windows, and Linux, but assumes Burp Suite Professional is installed in specific default locations, which might not hold true for all users.
Errors
- info: Actionable error messages. The README provides extensive guidance on output limits and potential issues, suggesting how to avoid errors, but does not detail specific error messages or remediation steps for script failures.
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills
/plugin install burpsuite-project-parser@trailofbits
Similar Extensions
Kaizen (99)
Inspired by Japanese continuous improvement philosophy, Agile and Lean development practices. Introduces commands for analysis of root cause of issues and problems, including 5 Whys, Cause and Effect Analysis, and other techniques.
Skill Optimizer (99)
Analyze and optimize your Agent Skills (SKILL.md) using session data and research-backed static checks. Works with Claude Code, Codex, and any Agent Skills-compatible agent.
X Twitter Scraper (99)
X (Twitter) real-time data platform skill with REST API (100+ endpoints), MCP server (2 tools) & webhooks. Covers tweet search, user lookup, timelines, extraction, monitoring, giveaway draws, credits, support, and confirmation-gated private reads, write actions, webhooks, monitors, and pay-per-use flows. Reads from $0.00015/call.