Feature Requests - Burp Suite User Forum

Ability to Duplicate and Edit Scan Configurations for Easier Debugging and Fine-Tuning

When debugging or fine-tuning a scan configuration, there's currently no option to duplicate an existing scan's configuration settings, which makes the process repetitive and time-consuming. Each time a scan is adjusted, the...

ASP.NET Cookieless Session Support

Hi, I have come across multiple internal web applications that support cookieless sessions. Cookieless sessions create a unique token in the URL to track session states over HTTP. This creates an unmanageable...

Save Organizer data (Request, Response & Notes) locally.

Hi Team, I am requesting a feature that allows us to save organizer data to a separate file on our local system. Sometimes, when reopening a previous Burp file, errors like 'Corrupted file' may occur & the opening huge...

lab progress reset

Hi Portswigger team, I would like to rest my lab progress. so please reset my progress. and can you just provide the reset button in labs because many people are having the same issue and they wanna reset their lab and...

Reset of Progress

Good Morning Portswigger Team, I would like to reset my Portswigger Labs Progress Thankyou

Change Burp from temporary to disk project mode

When saving a temporary project as a disk project, it would be great to have the option to also convert Burp into disk project mode, so that you can do things which are not possible in temporary project mode like (for...

Option to make "Auto-modified request" the default view option in HTTP history

I'd like to be able to set Burp's default behavior to always show the "Auto-modified" request and response in the HTTP history tab. Thank you.

Can a custom security scan policy be created in Burp Suite Enterprise?

I would like to know if it is possible to create a custom scan policy in Burp Suite Enterprise to detect specific strings using regular expressions or create an XSS script to scan for vulnerabilities utilizing the custom XSS...

Link your profile for social media etc

Hey ive been trying to find a way to send my profile as a reference for potential work aswell as on social media. Is there any function for that? Seems like a dead end tho. Please introduce this feature (if it doesnt exist...

HTTP history - Go to request number

I think it would be useful to have some way to "go" to a specific request identified by its number preserving the current filter being set. Kind of how "Go to address" works in software like IDA, Ghidra or Binary...

Dark Mode for Web Security Academy

As a learner we have to spend a lot of time spending time reading on Web Security Academy. Therefore, it would be very convenient if we had an option of dark mode too.

Websockets history in proxy

Hi there, My burp suite Websockets history in proxy generate a lot of PING PONG history (even before I start typing in the chat, one lab generated almost 1500 history, with 95% are PING PONG). PING is to server, PONG is...

solved lab show not solved

Hi, I have solved xss to csrf to change email but it does not show solved after solving the lab

Add time counter between Intruder requests (initiate an Intruder request every x seconds/minutes)

Hello there, I would like to request a new feature be added to Intruder. I have come across web applications that use the time between requests to control against brute force attempts. As an example, if a user account has...

ShortCut key APIs and Feature

Hi Team, I would like to recommend adding a feature to the APIs as well as to BurpSuite. For example, if I have selected a specific value in the request/response editor and I want to decode it, I have to open the menu...

Bringing New Life to Burp Suite

Dear Portswigger Team, I hope this message finds you well! I wanted to make a humble request regarding Burp Suite 1.7.37. Although this version is a bit outdated now, it remains my (and many others') favorite...

reset my one lab

hello, portswigger team i want to reset this lab (Lab: Reflected XSS into HTML context with most tags and attributes blocked)

Keyboard shortcuts for Intruder

Hey PortSwigger folks! I use Burp Suite every day and like it quite a bit. That said -- I think it would be really great if you could add keyboard shortcuts to Intruder, specifically for adding and removing or clearing...

Lab: Performing CSRF exploits over GraphQL is not working /GraphQl Labs

Hi, I noticed that the lab Imentioned is not working (I can't get to the lab to try to solve it )

Reset Request for port swigger labs and learning path

Hello port swigger team, could you please reset my port swigger labs and learning path