Feature Requests - Burp Suite User Forum

intercept on/off button duplicated next to settings wheel

The proxy intercept switch is a core feature of burp and it's kinda buried in the UI. It's hard to even get a "muscle memory" for it because when you turn it off the view changes to the blank screen with the binoculars or...

Mobile Web Page to Download Cert

When you first start to proxy traffic and have to connect to Burp to download the cert on the hosted web page, can you make the page responsive when opening on mobile devices? Obviously the page is optimised for use on a PC,...

No Mystery Lab for Prototype Pollution?

Hi, I noticed that there are no mystery labs for Prototype pollution. Not sure if this is just missing or was done on purpose. Would be very helpful if included. Thanks!

Intercept flutter app on android device and ios devoce

Hi, I have configured both android and ios devices with the Portswigger certificate and browser logs for both devices are getting logged in Burp suite. Also the logs from Native ios app are getting logged in Burp...

Passed BSCP - Thank you PortSwigger!

I really enjoyed the BSCP experience. The labs felt challenging, and even though I've had 15+ years of web app testing experience, the exercises put me through my paces. I've never felt as frustrated with a web application...

Exploiting server-side parameter pollution in a query string

In the lab process you reach a point which it tells you invalid filed --> now i though field --> means you must find the field's name --> but the name was field --> and i Spent alot of time trying to find it by brute...

Decoder - URL and HTML encode special characters only

Can you please add the ability to Decoder to encode the special URL and HTML characters only? The need to do this comes up quite often during application testing. For example, when looking at the first lab of the burp...

Burp Suite Professional

Hello Can I ask if there any possibility that you guys provide a Burp Suite Professional for students that can't pay for Burp Suite Professional and actually 1 month of trial is not enough, so can you provide like 3 months...

Intercept Queue

Would it be possible to add a "Queue" to the Intercept tab. This would show the requests/responses queued to be intercepted and they would be removed from the queue after they are intercepted. On occasions where there are...

Chromium Settings per Project

Hi Portswigger-Team, I would love to see, that chromium settings (open last tabs etc.) are saved in the project/save files and only applied if I reopen the project (only for the built-in browser of course). Like when I...

ShortCut key APIs and Feature

Hi Team, I would like to recommend adding a feature to the APIs as well as to BurpSuite. For example, if I have selected a specific value in the request/response editor and I want to decode it, I have to open the menu...

I want to reset all labs to practiceI want to reset all labs to practice

Reset Request for Portswigger's Bab and Pathways

Hey Portwigger team, I would like to make a request to reset all my lab's progress

Add x amount of duplicate windows in Repeater.

I was doing your race condition lab, and I was thinking why not add an option to Duplicate Tab x amount of times? You can't replace the CSRF token in each Repeater tab either, so another suggestion would be that you would...

Decoder 'Wrap Text' option

Can we have a little tick box on the decoder window to auto wrap text. I hate horizontal scrolling like most people!

Decoder Tabs

The decoder tool should have tabs like most of the other tools. It would be very useful to use one tab to decode and another to encode. I also think it would be useful if burp didn't clear the chain of decoders when you...

HTTP history - Go to request number

I think it would be useful to have some way to "go" to a specific request identified by its number preserving the current filter being set. Kind of how "Go to address" works in software like IDA, Ghidra or Binary...

Response size and time (statistics / metadata) about responses

In the Repeater, we have useful information: - total response size (in bytes) - response time (duration between request sent and response received in ms) I would be nice to have those data anywhere in Burp and not...

New Filter Request Type Option: Show only out-of-scope items

The filter option to to display only in-scope items is great, it would however also be beneficial to have the ability to filter for the opposite. Regrettably, utilizing the in-scope filter option with a negative search does...

Repeater used to show response time in ms. Now it shows byte size?

Byte size is not helpful since I can see response length in the message editor. How can I switch back to showing response time in Repeater in the bottom right-hand corner?