Feature Requests - Burp Suite User Forum

Result of Exam

Hello Team, After we attempt the exam and fail, will it be stored on the account to see at any time the result of the attempted test?

SAML auto provisioning feature

Is there a plan to add SAML auto-provisioning option for Burp Enterprise SAML integration?

No Raw in Response when using Repeater

I copied my proxy intercept and pasted it in Repeater tab’s Raw. Then click GO (filled host&port), nothing is appeared in Response window. How can i do for see the response raw? (I’m doing webgoat missing function level...

No more activations allowed for this license

Hi I tried to activate my burp suite pro license on my home pc, but it seems I’m blocked from activating additional licenses. I currently serve in the army, so I wasted one license activation on a public pc I use for...

Content Discovery

When I try to use burp discover content I find that my VMware machine hangs and stops working (happened multiple times for single target) after finishing a large percent of the work then I have to shut the machine down and...

Arrow keys to navigate on Dashboard > Issue activity panel

I would like to be able to use the keyboard arrow keys to navigate up and down on the Dashboard > Issue activity panel when it has focus. I would like it to work exactly the same way as using the arrows keys to navigate...

Multiple Regex Matches In Intruder | Global Regex Toggle

For Intruder --> Options --> Grep - Extract, there doesn't currently appear to be a good way to return multiple regex matches. The suggested solution of "add another Grep - Extract with the same search to return the next...

Capability to scan React.js

As per the title - is Burp capable or truly scanning React.js built applications? Does anyone have any experience of this?

Add time counter between Intruder requests (initiate an Intruder request every x seconds/minutes)

Hello there, I would like to request a new feature be added to Intruder. I have come across web applications that use the time between requests to control against brute force attempts. As an example, if a user account has...

Single Page Scanning

Hello Portswigger, I'll like to make a feature request in regards to Single Page Scanning. This would be a feature request specifically for BurpSuite Enterprise. Given that a lot of updates have been made to the DAST...

Burp Enterprise Optimization for SPA

I have been trying out burp enterprise trial for our organization to conduct security scans. It is a SPA (javascript heavy), the primary issue with the tool is its crawling ability for SPA. It fails to raise the http request...

Follow XDG directory specification

Hello, I would like the developers of the Burp Suite to consider implementing XDG directory specification in order to remove unnecessary $HOME clutter. By storing config, cache and user data under $XDG_CONFIG_HOME...

Content Discovery remove items from Queued Tasks

Would be very nice if it is possible to remove items from the "Queued Tasks" in the content discovery to for example avoid unnecessary discovery tasks. Think this one is easy to implement ;)

Free Trial

I have raised an request for free trial. I did not get the free trial license

Custom Hotkeys

I looked around the Internet and through the forums here. There are some references in the forums here, but I was unable to find any resolution. Is there any way to create a custom hotkey for an action that is not listed...

Issue Report Timestamps

As far as I'm aware, there currently is not a way to append timestamps of when each issue was audited/discovered to each individual issue/result in an Issue Report. The only possible related feature would be the fact that...

Authentication Multi factor lab - 2FA Broken Login

Hi, I've been trying to solve this lab for a while without success. I'm not receiving the 302 Found message for verify=Carlos. Here is the POST message I'm...

Expose IScanIssue Requests with Markers

Some scan issues contain marker information in the request/response for easier identification of issue, but there is no way to access these markers through the extender API. The IScanIssue.getHttpMessages() function...

Scanner Timestamps

There is a need (I am sure we are not the only ones) to include Timestamps with each scanner result. Having a timestamp included for each result in the scan report would make the found vulnerabilities much easier to trace...

Remember column layout in HTTP history

Hello, I usually move the "Time" column to the left in the Proxy - HTTP history. But burp doesn't remember this. Neither in the stored project, nor in the project options or in the user options. I have to re-arrange this...