LabEx
Log InJoin Free

Filter the Proxy HTTP History in Burp Suite

Beginner
Practice Now

Introduction

Burp Suite is a powerful tool for web application security testing. One of its core components is the Proxy, which intercepts and logs all HTTP/S traffic between your browser and the target application. The HTTP history tab can quickly become filled with hundreds or thousands of requests, making it difficult to find specific items of interest.

In this lab, you will learn how to use the powerful filtering capabilities within the Proxy HTTP history. Mastering these filters is essential for efficiently analyzing traffic, identifying vulnerabilities, and focusing your testing efforts on the most relevant parts of an application.

Go to the Proxy > HTTP History Tab

In this step, you will start Burp Suite and navigate to the HTTP history tab where all proxied traffic is logged.

First, you need to launch Burp Suite. You can typically find it in the application menu of your desktop environment, or you can launch it from the terminal.

Once Burp Suite is running, you will see a main window with several tabs across the top (Dashboard, Target, Proxy, Intruder, etc.). The Proxy tab is where you can control the interception proxy and view the history of requests.

Click on the Proxy tab. Within the Proxy tab, you will see several sub-tabs. Click on the HTTP history sub-tab.

You should now see a table listing the HTTP requests that have passed through Burp's proxy. We have already generated some sample traffic for you.

Click the 'Filter' Bar to Show the Filter Options

In this step, you will reveal the filter options that allow you to control which requests are displayed in the history table.

By default, the HTTP history shows all captured items. Above the table of requests, you will see a light gray bar with the text "Filter: Showing all items". This bar hides the detailed filter controls.

To display the filter options, simply click anywhere on this filter bar.

After clicking it, the bar will expand downwards, revealing a comprehensive set of options for filtering the HTTP history. This is the control panel you will use in the following steps to narrow down the requests.

Check 'Show only in-scope items'

In this step, you will learn how to use one of the most important filters: the scope filter. This allows you to focus only on the traffic related to your target application.

First, you need to define what your target scope is.

  1. Go to the Target tab.
  2. Click on the Scope sub-tab.
  3. In the "Target Scope" section, click the Add button.
  4. A dialog box will appear. Enter http://portswigger-labs.net as the target and click OK. Burp Suite may ask if you want to stop sending out-of-scope items to the history. Click No for this lab, as we want to see the filter work.

Now, navigate back to the Proxy > HTTP history tab. In the filter options you opened in the previous step, locate the "Filter by request type" section.

Check the box labeled Show only in-scope items.

Immediately, the list of requests in the history table will update. You will now only see requests made to portswigger-labs.net. The request to example.com will be hidden, demonstrating the power of scope-based filtering.

Filter by MIME type (e.g., HTML)

In this step, you will further refine the visible history by filtering based on the MIME type of the response. This is useful for finding specific types of content, such as web pages, scripts, or images.

With the filter options still visible, find the section labeled "Filter by MIME type". This section allows you to show or hide requests based on the Content-Type header in the response.

  1. Ensure the radio button is set to Show only.
  2. Check the box next to HTML.

Once you check the HTML box, the HTTP history table will update again. Now, it will only display in-scope requests that returned a response with an HTML MIME type. The request for the CSS file (main.css) will be hidden, leaving only the main page request. This technique is very effective for isolating user-viewable pages from other resources like stylesheets, scripts, and images.

Filter by Search Term in the Response Body

In this step, you will use the search term filter to find requests based on specific content within their responses. This is an extremely powerful feature for locating specific functionalities, error messages, or potential vulnerabilities.

In the filter options, locate the "Filter by search term" section at the bottom.

  1. In the text field, type the word PortSwigger.
  2. Ensure the checkbox next to Response body is ticked. This tells Burp to search inside the body of the HTTP response.
  3. Leave the dropdown set to "Literal search". This will search for the exact text you entered.

The HTTP history will now be filtered to show only items that meet all the previous criteria (in-scope, HTML) AND contain the literal string "PortSwigger" in their response body. This allows for highly specific and targeted analysis of the captured traffic. You can also use regular expressions for more complex search patterns by changing the dropdown from "Literal search" to "Regex".

Summary

In this lab, you have learned the fundamental techniques for filtering the Proxy HTTP history in Burp Suite. You started by navigating to the history tab and revealing the filter options. Then, you practiced applying several types of filters in combination:

  • Scope: Focusing on a specific target to reduce noise.
  • MIME Type: Isolating specific content types like HTML.
  • Search Term: Finding requests based on specific content in their responses.

Mastering these filtering skills is crucial for any web security professional, as it allows you to work more efficiently and effectively when analyzing large and complex web applications.