Feature Requests - Burp Suite User Forum

need scroll feature in "Action"

when we use multiple extensions then in Proxy tab, whenever we click on Action button then scroll feature is not there so that we can not able to use all features provided by Action button.

Local File Inclusion and Remote code execution request

Good evening portswigger. I recently started learning ethical hacking and bug bounty not too long ago. I have finished the The web application hackers handbook and I'm about half way through your web security academy and I'm...

Add option to highlight to Target tab

Being able to highlight items with different colors in the Target Tab could take the place of a plugin like this https://github.com/Regala/burp-scope-monitor. I could use it to mark areas that still need coverage. PS you...

Search regex extract

I'd like to have a way to have Burp Search extract all the values that match a certain regex or results between a start and end regex. This would be similar to the feature in Intruder that can extract values based on two...

Checkbox for unauthenticated/authenticated crawl/audit

Hi, could you please introduce some checkbox, whether the Crawl+Audit should be authenticated, unauthenticated, or both? I have a huge scope (thousands of JSP files), I set login, and after 24h it's still only making...

Make Burp a distributed system

Hello, Last week I was testing a huge application with tens of thousands pages and my work was time throttled by my testing workstation. I guess it would be a huge amount of work but it could be very useful to be able to...

Please bring back the "Headers" view

Before the introduction of the "Inspector" sidebar, there was an option to set different views for requests and responses (Headers, Raw, Hex ...). These were very useful for reporting as we could do screenshots and show...

Add HTTP Method as a value to the filter scope

The current scope dialog uses protocol, host/ip, port and file as a filter, however, there are times when it would be useful to filter on HTTP method too. For example when working with a RESTful interface that uses the...

Proxy JS File Support

Working on-site sometimes we require to set upstream proxy servers to a JS file which switches the specific proxy/server to connect to based on the destination IP address. Support for this file format would be useful in...

Timing requests

Add a feature in intruder/repeater to start requests at a specific time and not in a specific time

Multiselect for Inspector

Before the Inspector was introduced to Repeater, I could select many different parameters (which didn't have any value for example) and simply remove them and try the attack payload again. This is currently not possible, and...

Playback on recorded login

Hi In order to debug problems with "recorded login" fucntionality like : "Failed to replay sequence Login : expected navigation after clicking on ... but none occurred" Competing offer playback feature, can you do the...

sitemap feature in buro enterprise edition

are there any site maps in Burp suite Enterprise edition!

Javascript dependent Login Page unable to use Automated Scan Feature

Hey! If the login page only works with JavaScript enabled. Then the automated scan feature is not working. It says login page not found. As discussed in this post...

Rest API Scanning

Is there an anticipated timeline available for api scanning feature to be available in BurpSuite Enterprise?

CSV Export of vulnerabilities

Hello, Is there a way to export vulns via a CSV file instead of the normal HTML report?

Follow XDG directory specification

Hello, I would like the developers of the Burp Suite to consider implementing XDG directory specification in order to remove unnecessary $HOME clutter. By storing config, cache and user data under $XDG_CONFIG_HOME...

A button to pause all the traffic generated by Extenders

Hi, Would it be possible to implement "Pause all Extender traffic" button, which would also be applied to Extenders? For example, if I try to guess parameters using Param Miner, but I would like to pause all the traffic...

Burp 2: Application Login - 2nd authentication step

The New Login Credentials accept username and password. Would it be possible to introduce an optional 2nd authentication step, like PIN (with static value)? For example, user needs to fill in username+password, followed by...

additional decoder compression options

It would be really useful if decoder had options to deal with deflate and brotli as well as gzip ...