Skip to main content
Search and extract data from Burp Suite project files (.burp) for use in Claude. Parse HTTP traffic, security findings, and audit items directly from your Burp projects. Author: Will Vandevanter

Installation

/plugin install trailofbits/skills/plugins/burpsuite-project-parser

Prerequisites

Before using this plugin, ensure you have:
1

Burp Suite Professional

Required for project file support. Community edition does not support .burp project files.
2

burpsuite-project-file-parser extension

Install the extension from GitHub
3

jq (optional)

Recommended for formatting and filtering JSON output

When to Use

Use this plugin when you need to:
  • Search response headers or bodies using regex patterns
  • Extract security audit findings and vulnerabilities
  • Dump proxy history or site map data for analysis
  • Programmatically analyze HTTP traffic captured by Burp Suite
Trigger phrases: “search the burp project”, “find in burp file”, “what vulnerabilities in the burp”, “get audit items from burp”

Commands

Search and extract data from Burp Suite project files. 
/burp-search <burp-file> [operation]
burp-file
string
required
Path to .burp project file
operation
string
Operation to perform: auditItems, proxyHistory, siteMap, responseHeader='regex', responseBody='regex'

Available Operations

Extract all security findings from Burp Scanner.Output: JSON with name, severity, confidence, host, port, protocol, url
/burp-search project.burp auditItems
Dump all captured HTTP traffic from the proxy.Output: Complete request/response data
/burp-search project.burp proxyHistory
Dump all site map entries.Output: Site structure with all discovered endpoints
/burp-search project.burp siteMap
Search response headers using regex patterns.Output: JSON with url and matching header
/burp-search project.burp "responseHeader='.*Access-Control.*'"
Search response bodies using regex patterns.Output: Matching content from response bodies
/burp-search project.burp "responseBody='.*<form.*action.*'"

Sub-Component Filters

For large projects, filter to specific data to improve performance: 
proxyHistory.request.headers    # Only request headers
proxyHistory.request.body       # Only request body
proxyHistory.response.headers   # Only response headers
proxyHistory.response.body      # Only response body
Same patterns work with siteMap.* 
/burp-search project.burp proxyHistory.request.headers

Examples

Extract all high-severity findings:
/burp-search project.burp auditItems | jq 'select(.severity == "High")'

Output Format

All output is JSON, one object per line. Pipe to jq for formatting or use grep for filtering: 
/burp-search project.burp auditItems | jq .

How It Works

1

Burp Extension Integration

The plugin uses the burpsuite-project-file-parser extension to access project file data
2

Command-line Access

Runs Burp Suite in headless mode via the bundled JRE to execute search operations
3

JSON Output

Returns structured JSON data for easy parsing and analysis
4

Claude Integration

Claude can analyze the JSON output to identify vulnerabilities and patterns

Environment Variables

Override default paths if needed:
BURP_JAVA
string
Path to Java executable (default: Burp’s bundled JRE)
BURP_JAR
string
Path to burpsuite_pro.jar

Default Paths

BURP_JAVA="/Applications/Burp Suite Professional.app/Contents/Resources/jre.bundle/Contents/Home/bin/java"
BURP_JAR="/Applications/Burp Suite Professional.app/Contents/Resources/app/burpsuite_pro.jar"

Use Cases

Vulnerability Triage

Quickly extract and prioritize security findings by severity and confidence

Pattern Analysis

Search for specific patterns across all captured HTTP traffic

Attack Surface Mapping

Export site map data to understand application structure

Report Generation

Extract data for automated security report generation

Tips

Use sub-component filters like proxyHistory.response.body on large projects to improve performance and reduce memory usage.
Ensure the burpsuite-project-file-parser extension is properly installed in Burp Suite before using this plugin.
All regex patterns must be properly quoted when passed as command-line arguments. Use single quotes around the entire operation string.