diff --git a/Proxy/HTTP/HighlightTrackerServices.bambda b/Proxy/HTTP/HighlightTrackerServices.bambda new file mode 100644 index 0000000..44264f3 --- /dev/null +++ b/Proxy/HTTP/HighlightTrackerServices.bambda @@ -0,0 +1,42 @@ +/** + * HighlightTrackerServices: Burp Suite Bambda for Identifying Tracking Services + * FilterOut Burp Suite history to detect and analyze tracking services from web requests + * @author Tur24Tur / BugBountyzip (https://github.com/BugBountyzip) + **/ + +// Define hash sets for hosts, paths, and parameters +Set trackedHosts = new HashSet<>(Arrays.asList("www.gstatic.com", "events.statsigapi.net", "ingesteer.services-prod.nsvcs.net", "js-eu1.hs-analytics.net", "static.hotjar.com", "forms-eu1.hscollectedforms.net", "www.google-analytics.com", "www.googletagmanager.com", "static.xx.fbcdn.net", "stats.g.doubleclick.net", "collector.github.com")); +Set trackedPaths = new HashSet<>(Arrays.asList("/logging/v1", "/track")); +Set trackedParameters = new HashSet<>(Arrays.asList("logs", "log")); + +// Main logic of the Bambda +var request = requestResponse.request(); +String requestUrl = request.url().toLowerCase(); + +// Extract host and path from URL +String[] urlParts = requestUrl.split("/", 4); +String host = urlParts.length > 2 ? urlParts[2] : ""; +String path = urlParts.length > 3 ? "/" + urlParts[3].split("\\?")[0] : ""; + +// Check for tracked host +if (trackedHosts.contains(host)) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + return true; +} + +// Check for tracked path +if (trackedPaths.contains(path)) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + return true; +} + +// Check for tracked parameters +var parameters = request.parameters(); +for (HttpParameter param : parameters) { + if (trackedParameters.contains(param.name().toLowerCase()) || trackedParameters.contains(param.value().toLowerCase())) { + requestResponse.annotations().setHighlightColor(HighlightColor.RED); + return true; + } +} + +return false;