ProfessionalCommunity Edition
HTTP history
-
Last updated: June 18, 2024
-
Read time: 3 Minutes
You can use the HTTP history to see a record of the HTTP traffic that has passed through Burp Proxy. You can also see any modifications that you made to intercepted messages.
The HTTP history contains the following information:
- # - The request index number.
- Host - The protocol and server hostname.
- Method - The HTTP method.
- URL - The URL file path and query string.
- Params - Flag whether the request contains any parameters.
- Edited - Flag whether the request or response were modified by the user.
- Status code - The HTTP status code of the response.
- Length - The length of the response in bytes.
- MIME type - The MIME type of the response.
- Extension - The URL file extension.
- Title - The page title (for HTML responses).
- Notes - Any user-applied note.
- TLS - Flag whether TLS is used.
- IP - The IP address of the destination server.
- Cookies - Any cookies that were set in the response.
- Time - The time the request was made.
- Listener port - The listener port on which the request was received.
- Start response timer - The time in milliseconds from when the request was sent until the first byte of the response is received.
- End response timer - The time in milliseconds from when the request was sent until the complete response was received.
The HTTP history is always updated, even if Intercept is off. This enables you to browse without interruption while you monitor key details about application traffic.
Right-click any item in the table to access further options, such as sending requests to other Burp tools.
Changing the HTTP history layout
You can customize the HTTP history table in the following ways:
Hide columns - Right-click the header of the column you want to hide, then select Hide column.
Show hidden columns - Click the options menu > Table layout, then select the columns you want to display.
Move columns - Drag and drop the header of the column you want to move to its new location.
Add custom columns - Click the options menu > Add custom column to create a personalized column that displays the data you want to see. Learn more about Adding custom columns to your HTTP history.
Sort the table - Click the header of the column you want to sort by. You can sort by ascending, descending, or unsorted.
Filter the data - Click the Filter settings bar, then choose either:
Settings mode - Use predefined checkboxes and fields to set your criteria. Learn more about filtering the HTTP history with Settings mode.
Bambda mode - Write a Java-based Bambda to define your custom filter. Learn more about filtering the HTTP history with Bambdas.
Restore the default layout - To return the table to its original state, click > Table layout, then select Restore default table.
Viewing a request
If you select an item from the HTTP history, the lower pane shows the request and response messages for the item. Any modified messages are shown separately. The message may have been modified through:
In addition to the main history view, you can also:
- Double-click an item to open it in a pop-up window.
- Right-click a request and select Show new history window to open a new history window with its own display filter.
- Access the Inspector, to easily view and edit interesting items.
- View and edit your notes. To do this, click Notes.
Adding a custom column
You can create your own custom columns using Bambdas.
Custom columns enable you to see more detail about the items in your HTTP history for a more focused analysis of what's important to you.
Two objects of the Montoya API are available to help you write these Bambdas:
ProxyHttpRequestResponse
Utilities
To create a custom column for your HTTP history table:
In Proxy > HTTP history, click the options menu > Add custom column. The Add custom column window opens.
Enter a name for your custom column in the Column header field.
Write a Bambda to specify the data that the custom column displays.
Example Bambda
In the example below, we'll write a Bambda to create a custom column containing the Server header value of the response.
if (!requestResponse.hasResponse()) {
return "";
}
var response = requestResponse.response();
return response.hasHeader("Server")
? response.headerValue("Server")
: "";