Added ssrf_common_params.bambda #20

Closed
wants to merge 2 commits into from

@e1abrador e1abrador commented Dec 1, 2023

Bambda Contributions

  • ✔️Bambda has a valid header, featuring an @author annotation and suitable description
  • ✔️Bambda compiles and executes as expected
  • ✔️Only .bambda files have been added or modified (README.md files are automatically updated / generated after PR merge)

@ps-porpoise (Contributor)

Hey @e1abrador, thanks for your submission!

We've had a discussion internally about your Bambda, and whilst we like its innovative approach, we feel that this may be more suitable as a BCheck or custom scan check. There are a couple of reasons for this:

  1. This extension point is primarily aimed at the proxy history UI rather than the data itself, so whilst your application is innovative it's not something we'd want to promote. Hopefully in the future, you'll be able to write custom scan checks with Bambdas.
  2. The use of the Collaborator means that this would effectively be a pro-only Bambda, which we don't currently have.
  3. If you use a BCheck or Montoya, then you'll be able to use an interactionId for each request item and parameter so you will have greater fidelity if it fires (you will also be able to poll for the interactions directly).
  4. Using Java's network code directly means that these requests will bypass any proxy settings, not be sent to the Logger, avoid session handling, etc. We're pretty strict about enforcing this within BApps as some users have legal requirements to log all requests and others use Tor.

For future reference, you can add parameters directly to the request using requestResponse.request().withAddedParameters().

Please keep experimenting with Bambdas and we look forward to seeing future PRs from you! Cheers!

@ps-porpoise ps-porpoise closed this Dec 4, 2023
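
The approach the reviewer describes in points 3 and 4, shown with the Montoya API as an added example (not code from this PR or from PortSwigger): each added parameter gets its own Collaborator payload, the interaction ID is recorded against the request URL and parameter name, and the request is sent through Burp's HTTP stack instead of `java.net`. The class name `CollaboratorParamTracker`, the caller-supplied `paramNames` list and the `http://` prefix on the payload are assumptions made for illustration.

```java
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.collaborator.CollaboratorClient;
import burp.api.montoya.collaborator.CollaboratorPayload;
import burp.api.montoya.collaborator.Interaction;
import burp.api.montoya.http.message.params.HttpParameter;
import burp.api.montoya.http.message.requests.HttpRequest;

import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper class; create it from BurpExtension.initialize(MontoyaApi).
public class CollaboratorParamTracker {
    private final MontoyaApi api;
    private final CollaboratorClient collaborator;
    // interaction id -> "URL [parameter]", so a hit can be traced to its origin
    private final Map<String, String> sent = new ConcurrentHashMap<>();

    public CollaboratorParamTracker(MontoyaApi api) {
        this.api = api;
        this.collaborator = api.collaborator().createClient();
    }

    // paramNames is supplied by the caller: one request and one payload per name.
    public void send(HttpRequest base, List<String> paramNames) {
        for (String name : paramNames) {
            CollaboratorPayload payload = collaborator.generatePayload();
            HttpRequest request = base.withAddedParameters(
                    HttpParameter.urlParameter(name, "http://" + payload));
            sent.put(payload.id().toString(), base.url() + " [" + name + "]");
            // Sent by Burp itself rather than java.net (reviewer's point 4).
            api.http().sendRequest(request);
        }
    }

    // Poll the Collaborator client and report which request/parameter fired.
    public void poll() {
        for (Interaction interaction : collaborator.getAllInteractions()) {
            String origin = sent.get(interaction.id().toString());
            if (origin != null) {
                api.logging().logToOutput(interaction.type() + " interaction from " + origin);
            }
        }
    }
}
```

Call `send` and `poll` from a background thread rather than the Swing event thread, since both make blocking network calls.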