home / skills / plurigrid / asi / burpsuite-project-parser

burpsuite-project-parser skill

safe

This skill searches and analyzes Burp Suite project files from the command line to extract findings and map HTTP traffic.

npx playbooks add skill plurigrid/asi --skill burpsuite-project-parser

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

1.6 KB

---
name: burpsuite-project-parser
description: Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings, dumping proxy history or site map data, or analyzing HTTP traffic captured in a Burp project.
category: burpsuite-project-parser
author: Trail of Bits
source: trailofbits/skills
license: AGPL-3.0
trit: -1
trit_label: MINUS
verified: true
featured: false
---

# Burpsuite Project Parser Skill

**Trit**: -1 (MINUS)
**Category**: burpsuite-project-parser
**Author**: Trail of Bits
**Source**: trailofbits/skills
**License**: AGPL-3.0

## Description

Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings, dumping proxy history or site map data, or analyzing HTTP traffic captured in a Burp project.

## When to Use

This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.

See: https://github.com/trailofbits/skills

## Related Skills

- audit-context-building
- codeql
- semgrep
- variant-analysis


## SDF Interleaving

This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):

### Primary Chapter: 4. Pattern Matching

**Concepts**: unification, match, segment variables, pattern

### GF(3) Balanced Triad

```
burpsuite-project-parser (+) + SDF.Ch4 (+) + [balancer] (+) = 0
```

**Skill Trit**: 1 (PLUS - generation)


### Connection Pattern

Pattern matching extracts structure. This skill recognizes and transforms patterns.

Overview

This skill parses and searches Burp Suite project files (.burp) from the command line to help security analysts extract and inspect captured HTTP traffic. It focuses on locating patterns in request and response headers, bodies, and metadata, and exporting proxy history, sitemap entries, or audit findings for further analysis. The tool is implemented in Python and designed for fast, scriptable exploration of Burp project artifacts.

How this skill works

The parser reads Burp project archives and decodes stored HTTP items, metadata, and audit notes, exposing them to CLI queries and regex searches. It can filter by host, path, status code, MIME type, or custom pattern matches in headers and bodies, and supports dumping structured output for downstream tooling. Outputs can be directed to files or piped into other command-line processors for integration into analysis pipelines.

When to use it

Searching response bodies or headers for regex patterns across a Burp project
Extracting security audit findings or notes from a project file
Dumping proxy history or site map data for offline analysis
Converting captured HTTP traffic into structured exports for reporting or automation
Rapid triage of large Burp archives without launching the Burp GUI

Best practices

Run searches with specific filters (host, path, status code, MIME type) to reduce noise and speed results
Use anchored or non-greedy regex patterns to avoid overly broad matches in large response bodies
Export results in structured formats (JSON, CSV) when integrating with other tools or scripts
Preserve original .burp files and operate on copies to prevent accidental modification
Pipe results to secure storage or analysis tools and sanitize sensitive payloads before sharing

Example use cases

Find all responses containing a particular API key pattern across an enterprise Burp archive
Extract and summarize scanner findings and auditor notes for a vulnerability report
Dump the proxy history for a specific host to replay traffic in a separate testing environment
Search for instances of insecure headers (e.g., missing HSTS) across all captured responses
Generate a CSV of endpoints and status codes to feed into automated scanning tools

FAQ

Does this work without launching Burp Suite?

Yes. The skill reads .burp project files directly from the command line, so you can inspect and export data without opening the Burp GUI.

Can I run complex regexes or filter by response size?

Yes. The tool accepts full regex patterns for bodies and headers, and supports common filters such as status code, MIME type, host, and size ranges to refine searches.