ranbot-ai/burpsuite-project-parser
skills/burpsuite-project-parser/SKILL.md
Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings, dumping proxy histo
$ install --global
skillsauthnpx skillsauth add ranbot-ai/awesome-skills burpsuite-project-parserInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 2:19 PM12.9s1 file scanned
SKILL.md
- name:
- burpsuite-project-parser
- description:
- Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings, dumping proxy histo
- category:
- Security & Systems
- source:
- antigravity
- tags:
- [api, ai, workflow, security, vulnerability, cro]
- url:
- https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/burpsuite-project-parser
Burp Project Parser
Search and extract data from Burp Suite project files using the burpsuite-project-file-parser extension.
When to Use
- Searching response headers or bodies with regex patterns
- Extracting security audit findings from Burp projects
- Dumping proxy history or site map data
- Analyzing HTTP traffic captured in a Burp project file
Prerequisites
This skill delegates parsing to Burp Suite Professional - it does not parse .burp files directly.
Required:
- Burp Suite Professional - Must be installed (portswigger.net)
- burpsuite-project-file-parser extension - Provides CLI functionality
Install the extension:
- Download from github.com/BuffaloWill/burpsuite-project-file-parser
- In Burp Suite: Extender → Extensions → Add
- Select the downloaded JAR file
Quick Reference
Use the wrapper script:
{baseDir}/scripts/burp-search.sh /path/to/project.burp [FLAGS]
The script uses environment variables for platform compatibility:
BURP_JAVA: Path to Java executableBURP_JAR: Path to burpsuite_pro.jar
See Platform Configuration for setup instructions.
Sub-Component Filters (USE THESE)
ALWAYS use sub-component filters instead of full dumps. Full proxyHistory or siteMap can return gigabytes of data. Sub-component filters return only what you need.
Available Filters
| Filter | Returns | Typical Size |
|--------|---------|--------------|
| proxyHistory.request.headers | Request line + headers only | Small (< 1KB/record) |
| proxyHistory.request.body | Request body only | Variable |
| proxyHistory.response.headers | Status + headers only | Small (< 1KB/record) |
| proxyHistory.response.body | Response body only | LARGE - avoid |
| siteMap.request.headers | Same as above for site map | Small |
| siteMap.request.body | | Variable |
| siteMap.response.headers | | Small |
| siteMap.response.body | | LARGE - avoid |
Default Approach
Start with headers, not bodies:
# GOOD - headers only, safe to retrieve
{baseDir}/scripts/burp-search.sh project.burp proxyHistory.request.headers | head -c 50000
{baseDir}/scripts/burp-search.sh project.burp proxyHistory.response.headers | head -c 50000
# BAD - full records include bodies, can be gigabytes
{baseDir}/scripts/burp-search.sh project.burp proxyHistory # NEVER DO THIS
Only fetch bodies for specific URLs after reviewing headers, and ALWAYS truncate:
# 1. First, find interesting URLs from headers
{baseDir}/scripts/burp-search.sh project.burp proxyHistory.response.headers | \
jq -r 'select(.headers | test("text/html")) | .url' | head -n 20
# 2. Then search bodies with targeted regex - MUST truncate body to 1000 chars
{baseDir}/scripts/burp-search.sh project.burp "responseBody='.*specific-pattern.*'" | \
head -n 10 | jq -c '.body = (.body[:1000] + "...[TRUNCATED]")'
HARD RULE: Body content > 1000 chars must NEVER enter context. If the user needs full body content, they must view it in Burp Suite's UI.
Regex Search Operations
Search Response Headers
responseHeader='.*regex.*'
Searches all response headers. Output: {"url":"...", "header":"..."}
Example - find server signatures:
responseHeader='.*(nginx|Apache|Servlet).*' | head -c 50000
Search Response Bodies
responseBody='.*regex.*'
MANDATORY: Always truncate body content to 1000 chars max. Response bodies can be megabytes each.
# REQUIRED format - always truncate .body field
{baseDir}/scripts/burp-search.sh project.burp "responseBody='.*<form.*action.*'" | \
head -n 10 | jq -c '.body = (.body[:1000] + "...[TRUNCATED]")'
Never retrieve full body content. If you need to see more of a specific response, ask the user to open it in Burp Suite's UI.
Other Operations
Extract Audit Items
auditItems
Returns all security findings. Output includes: name, severity, confidence, host, port, protocol, url.
Note: Audit items are small (no bodies) - safe to retrieve with head -n 100.
Dump Proxy History (AVOID)
proxyHistory
NEVER use this directly. Use sub-component filters instead:
proxyHistory.request.headersproxyHistory.response.headers
Dump Site Map (AVOID)
siteMap
NEVER use this directly. Use sub-component filters instead.
Output Limits (REQUIRED)
CRITICAL: Always check result size BEFORE retrieving data. A broad search can return thousands of records, each potentially megabytes. This will overflow the context window.
Step 1: Always Check Size First
Before any search, check BOTH record count AND byte size:
# Check record count AND total bytes - never skip this step
{baseDir}/scripts/burp-search.sh project.burp proxyHistory | wc -cl
{baseDir}/scripts/burp-search.sh project.burp "res
Related Skills
ranbot-ai/android-dev
development
VerifiedTrustedCommunity
Production-grade Android app development guide covering native (Kotlin/Java), cross-platform (Flutter, RN, KMM), and hybrid architectures.
5SKILL.mdUpdated Jun 12, 2026
ranbot-ai/open-dynamic-workflows
testing
VerifiedTrustedCommunity
Plan, orchestrate, and adversarially verify parallel AI coding agents with a dynamic multi-agent workflow engine.
5SKILL.mdUpdated Jun 9, 2026
ranbot-ai/cv-generator
development
VerifiedTrustedCommunity
Generate professional, ATS-optimized CVs for FlowCV, Canva, Google Docs, or Word. Handles multi-source merging, JD targeting, seniority adaptation, and humanized rewriting. Outputs paste-ready text wi
5SKILL.mdUpdated Jun 9, 2026
ranbot-ai/article-illustrations
tools
VerifiedTrustedCommunity
Generate hand-drawn 16:9 article illustrations with the Grav character IP, sparse annotations, and absurd but clear visual metaphors.
5SKILL.mdUpdated Jun 9, 2026