Burp Suite User Forum

Create new post

Indication on modules complete

Hey team, hope you guys are doing good. On learning path page of the website, it shows all the modules available. Also while going through topics, we have a button to mark module as "Complete". So, I guess, it'll more...

Last updated: Jan 11, 2023 10:43AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Great academy, but could do with a few minor improvements

The first would have to be the wiener:peter login id and password. It's a bit childish. I can understand the humor, but I bet it's gonna rub women the wrong way. Just a minor thing. The main issue I have is with the...

Last updated: Jan 10, 2023 02:22PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Make Predefined Payload Lists recursive

Currently when you load custom lists from a directory in 'Preset Payload Lists', the payloads that are shown do not include sub-directories or their files. It would be great to have a directory of commonly used lists that...

Last updated: Jan 09, 2023 03:22PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Extension API for WebSocket

Hi, more and more applications every day use WebSockets. In order to handle everyday assessments, it could be great to be able to be able to add Extensions also related to WebSockets, like IHttpListener to tamper traffic,...

Last updated: Jan 04, 2023 02:34PM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Cluster bomb - Username enumeration via account lock

Hi, Currently working on lab "Vulnerabilities in password-based login - Username enumeration via account lock", and after sending cluster bomb attack, there is no length variation for valid account. Even I divided in...

Last updated: Jan 02, 2023 10:43AM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Intruder and SNI

Hi, In recent assessment I would like to brute-force domains for a class of IP addresses (port 443, with SSL/TLS) using the Intruder of Burp Suite. New intruder versions allow to insert the insertion point also in the...

Last updated: Dec 27, 2022 10:22AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Hello

I have some issues with one of my licenses. The second license that tooked, that expires on september 2023 , when i try to activate i receive the error message that "Too many activations on this licese". I had some issues...

Last updated: Dec 20, 2022 03:39PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Progress reset

Hello, I would like to reset my labs and materials progress. Can you please reset it?

Last updated: Dec 19, 2022 10:58AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Custom Burp Collaborator Responses

It would be cool if there was an "intercept" feature for burp collaborator RESPONSES. Basically when a request comes into the collaborator, it could give an interface similar to the proxy intercept interface that allows you...

Last updated: Dec 16, 2022 01:49PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Differentiate between 'In-Scope' and 'Out of Scope'

* As a user with multiple sites listed in the Site map * I'd like to be able to differentiate between sites that are in-scope and sites that are out-of-scope * So that I can see what sites have been found and...

Last updated: Dec 15, 2022 09:17AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Integrate Burp Suite Enterprise with GitHub Actions

Hi, Please publish a GitHub action that will scan the target site and create the results in GitHub security dashboard

Last updated: Dec 13, 2022 08:54PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Windows Arm64

Windows Arm is starting to be popular. With Windows JDK I can use the JAR version - https://learn.microsoft.com/en-us/java/openjdk However, the Chromium inside is win64 It is a huge difference in performance with...

Last updated: Dec 13, 2022 03:31PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

BRUTE FORCE LOGIN FORM

Hey guys i am starting-blocks with burp with brute force méthode login form. I tried to use it on website specialized for vulnérability and it seems to work gréât. When i make a request, burp gave the username and the...

Last updated: Dec 13, 2022 01:41PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Make use of the del key to be able to delete a line in the HTTP history

Hello, As you can see by the subject it is pretty easy and it's even surprising that it is not here by default. When we want to delete the reqs one by one and we quickly want to check if they are not useful, we need to...

Last updated: Dec 13, 2022 11:17AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

the ability to reset a lab

after mucking about with: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies i ended up messing the pages with csrf reuests\blocking the comment form. even though i can send...

Last updated: Dec 13, 2022 07:57AM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Reset labs

Could you reset all my labs and progress?

Last updated: Dec 05, 2022 07:57AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Ability to turn off proxy in Burp Browser

I think it will be helpful to have the option to turn off the proxy on Burp Browser while navigating a site. Use cases: Log in to a website without capturing the login credentials in Burp, or wanting to leave out the...

Last updated: Dec 02, 2022 12:42PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Using X-Forwarded-host in Web cache poisoning

I'm currently working on the web cache poisoning with an unkeyed header lab but whenever I put x=forwarded-host in my header I don't receive a response back. I even tested this by sending the header with just ?cb=1234 and...

Last updated: Dec 02, 2022 08:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Progress bar under each topic tab in learning path page

Hello, I'd like to to see the progression towards completion under each topic tab in the "learning path" page. Not sure whether it would look cool or not... Maybe make it enable/disable? Thanks for the great resources!

Last updated: Nov 28, 2022 03:50PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Limitations for recorded login sequences

Hi Support, We are in need of testing a web application that relies on google sso pop up, and as you wrote "Burp Scanner is currently unable to replay login sequences that rely on popups or <iframe> elements." there is a...

Last updated: Nov 28, 2022 11:46AM UTC | 2 Agent replies | 0 Community replies | Feature Requests

Page 16 of 66

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image