A Burp Suite extension to export HTTP traffic with per-domain/subdomain filtering.
Built with the Montoya API.
- Domain Filter Tree — checkbox tree grouped by root domain; supports select all, deselect all, and live search
- Live Traffic Capture — auto-populates as requests pass through the proxy; deduplication by method + URL; FIFO eviction at 10,000 entries per host
- 5 Export Formats — RAW, JSON, CSV, HAR 1.2, Markdown pentesting report
- Right-Click Context Menu — export selected items directly from Proxy History, Target Site Map, and Repeater
- Export Filters — HTTP method, status code ranges (
200,301,400-499), Content-Type, exclude static assets, max body size, in-scope only - Live Preview Panel — shows first 5 matching entries as you adjust filters
- Statistics Bar — total domains, request count, method breakdown, status-class breakdown
- Interesting Request Detection — auto-flags sensitive URL params (
id=,token=,password=, etc.), error responses (401/403/500), and SQL/exception keywords in response bodies - HAR Import — load a
.harfile to populate the domain map, then re-export to any format - Duplicate URL Removal — keep only the latest request per unique URL
- Copy to Clipboard — one-click copy of export output
=== [1] GET https://example.com/api/users ===
--- REQUEST ---
GET /api/users HTTP/1.1
Host: example.com
...
--- RESPONSE ---
HTTP/1.1 200 OK
Content-Type: application/json
...
[
{
"id": 1,
"timestamp": "2025-01-01T12:00:00.000Z",
"host": "example.com",
"method": "GET",
"url": "https://example.com/api/users",
"status_code": 200,
"request_headers": { "Host": "example.com" },
"request_body": "",
"response_headers": { "Content-Type": "application/json" },
"response_body": "...",
"response_length": 1234
}
]Columns: ID, Host, Method, URL, Status Code, Request Content-Type, Response Content-Type, Response Length, Request Body, Response Body
Full HTTP Archive 1.2 spec — compatible with browser DevTools, Insomnia, and Postman.
Pentesting-style report with summary table, detailed entries, and an ⚠ Interesting Findings section at the top.
- Java 21
- Burp Suite (Pro or Community)
git clone https://github.com/dalpan/TrafficExporter.git
cd TrafficExporter
./gradlew jarOutput: build/libs/TrafficExporter-1.0.0.jar
- Open Burp Suite
- Go to Extensions → Installed → Add
- Extension type: Java
- Select
build/libs/TrafficExporter-1.0.0.jar - Click Next — the "Traffic Exporter" tab will appear in the main window
Traffic is captured automatically as you browse through Burp's proxy. On load, existing proxy history is imported automatically. Use the ↺ Refresh button to re-scan history at any time.
- Select domains in the left panel (checkboxes cascade to subdomains)
- Choose an export format from the dropdown
- Set filters (methods, status codes, content-type, etc.)
- Click Export… to save to a file, or Copy to Clipboard
Select one or more requests in Proxy History, Target Site Map, or Repeater → right-click → TrafficExporter ▶ → choose format.
Click Import HAR file… to load a .har file (e.g. exported from Chrome DevTools) and populate the domain map.
src/main/java/trafficexporter/
├── TrafficExporter.java # Extension entry point (BurpExtension)
├── TrafficExporterTab.java # Main UI tab
├── DomainCollector.java # HTTP handler + domain map management
├── ExportEngine.java # All export format logic + HAR import
├── ExportFilter.java # Filter model POJO
├── DomainTreeModel.java # JTree model with checkbox nodes
├── ContextMenuProvider.java # Right-click context menu
└── Utils.java # Helper methods
# Build fat JAR (includes Gson)
./gradlew jar
# Clean build
./gradlew clean jarDependencies:
| Dependency | Scope | Purpose |
|---|---|---|
montoya-api:2023.12.1 |
compileOnly |
Burp Suite API (provided at runtime) |
gson:2.10.1 |
implementation |
JSON serialization (bundled in JAR) |
MIT License — see LICENSE for details.