Feature Requests - Burp Suite User Forum

Link your profile for social media etc

Hey ive been trying to find a way to send my profile as a reference for potential work aswell as on social media. Is there any function for that? Seems like a dead end tho. Please introduce this feature (if it doesnt exist...

Issue Discovery - URIs with creds

Could an auto-detect rule be added to detect creds in URI strings? A naive but performant rule could be: \b((?<proto>\w+)://(?<userpass>\w+:\w+)@(?<domainPath>[\w\.:/]+) or...

Content Discovery remove items from Queued Tasks

Would be very nice if it is possible to remove items from the "Queued Tasks" in the content discovery to for example avoid unnecessary discovery tasks. Think this one is easy to implement ;)

Static analysis data exposed through Montoya API

Hello, While developing a new Burp extension, I noticed that data related to static analysis is not accessible using the Montoya API. As an example, I have an "Open redirection (DOM-based)" issue in a Burp project with...

Exam

Do you give students a discount for burpsuite practitioner exam ?

HTTP Proxy Mutating Methods

Hi team, I have been using the montoya APIs for quite sometime now https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/proxy/ProxyHttpRequestResponse.html One of the things I'd hoped for...

Platform Authentication settings: allow multiple entries with same host

For the moment only one Platform authentication entry is allowed per destination host. If the user tries to set up a second entry that has the same destination host, Burp will not allow it. However, it is useful during...

Organizer

In my opinion, the organizer is missing its most important function - organizing. If I want to remember different requests for later in my workflow, I divide them into different categories or put them into groups in the...

Bypassing an account

I have been bypassing accounts for my work ,but since last week burp suite does not intercept and send the code back to me as a user. Please help me know to bypass a 2 FA account

More Granularity For "Filter by status code" Setting

Within HTTP history, you can currently filter by 2xx, 3xx, 4xx, and 5xx. This feature isn't useful because I typically want to see 200, 301/302, 4xx, and 5xx responses - but I don't want to see 201 No Content, 304 Not...

Notification Bell on The Website

Add a notification bell so if a user have created a post, and others comment on it. It will be displayed in the notification or Bell Icon. Much like the Youtube Bell Icon

Dark Mode for Web Security Academy

As a learner we have to spend a lot of time spending time reading on Web Security Academy. Therefore, it would be very convenient if we had an option of dark mode too.

when we scan using burp suite and enter a url so does it scan the whole project or that particular URL

when we scan using burp suite and enter a url so does it scan the whole project or that particular URL. Do we need to add all the URL in that project, for...

Option to make "Auto-modified request" the default view option in HTTP history

I'd like to be able to set Burp's default behavior to always show the "Auto-modified" request and response in the HTTP history tab. Thank you.

Montoya equivalent of BCheck 'given host'

I'd like to perform in-depth checks on a host-by-host basis. These checks are beyond the current capabilities of BCheck so I can't use the `given host` approach it provides. Montoya can perform checks on a per-request...

Export searched data from proxy history

I'd like to have a feature where you can search proxy history and export the results to a file. Something along the lines of grep with regex support to save off specific data. I see with Bambdas released, that this might...

Proxy Original Request Vs Edited Request

Love the new split view on the proxy history with the request/response! The drop down to flip between the original and edited though is a pain. Going back through the proxy history for reporting and flipping between these...

Filter - Hide Items Excluded from Scope

Hello! I just want to start by saying Burp Suite is fantastic, and there is no other tool I would rather use to proxy my Web Application Testing with. I was thinking how it might be nice to have the option to Hide items...

Sort entries in the site map by domain components before hostname

While HTTP and HTTPS servers on the same hostname are sorted together (indicating a degree of custom sorting already), it would really make sense to sort all of the servers in a particular domain together as...

Do I need Burp Professional license to take Portswigger Academy course?

Hi, I have a doubt. Does Burp Suite get better performance to solve Portswigger Academy labs ? I've been taking the Portswigger Academy (using burp suite community license), but some of the labs take too long to...