Feature Requests - Page 2 - Burp Suite User Forum

hak portswigger

I just finished ٍ , SSTI {{ get_flashed_messages.__globals__.__builtins__.open("/etc/passwd").read() }} Don't be afraid, I won't hack you

Secure Connection Failed when intercepting request via Burp Proxy

Hi Portswigger, Kindly assist to resolve this error message while trying to intercept salesforce application. This happen after I updated to the latest version of burp suite. An error occurred during a connection to...

Enterprise - Integration with ServiceNow

Please create a two-way integration for ServiceNow. You can see an ideal integration here, https://www.netsparker.com/support/integrating-netsparker-enterprise-servicenow/ Notice the availability for the SN ticket to...

Suggest updating header recommendations in Advisories

From "Frameable response (potential Clickjacking)", advisory recommends adding X-Frame-Options header but is it better to recommend Content Security Policy as the first choice and X-Frame-Options for compatibility...

Bambdas "store" and examples

IMO the main issue with bambdas is that it's missing a way to save, load, rename user bambdas (I mean with a nice interface like for the payload in the intruder, not by loading / saving files on the file system). Also with...

Support sorting in Burp Extension tag

Currently, sorting doesn't happen when clicking columns headers like Loaded, Type, Name. When having lots of extension,s it's very hard to navigate. https://snag.gy/38SP7T.jpg

shortcut to clear whole http history AND option to disable confirmation dialogs globally !

shortcut to clear whole http history AND option to disable confirmation dialogs globally ! This is killing my flow every flippin' time :-) PLEASE!!!

Scope definition using Bambdas for a unified experience

Hi, The Bambdas search is very cool. I was wondering if it would be possible to implement the bambdas search as the scope definition. This could allow users to simply copy/paster their bambda search to make it the new...

Please support hotkeys for the two new tabs.

Hi team, you may have noticed that we recently moved the `Event log` and `All issues` to the bottom of Burpsuite. However, they only work with a pure mouse, which is inconvenient. Please make it possible to toggle them...

Repeater Response Header Hiding

A QoL feature request to be able to hide response headers in the repeater tool for providing more clear screenshots. A button in the Inspector tab to hide them all and then individually would help draw the eye to where...

The authentication key does not work. Please check if it is blocked and release it.

The company's security program deleted the authentication key, so I entered the authentication key again, but authentication did not work. I need to use it right away, but please tell me how to authenticate.

Keyboard shortcuts for Intruder

Hey PortSwigger folks! I use Burp Suite every day and like it quite a bit. That said -- I think it would be really great if you could add keyboard shortcuts to Intruder, specifically for adding and removing or clearing...

Dark Mode for Web Security Academy

As a learner we have to spend a lot of time spending time reading on Web Security Academy. Therefore, it would be very convenient if we had an option of dark mode too.

Support global variables

There are extensions that have some support for variables, but they seem like overkill for handling only variables. I can also achieve some of this with Session Handling Rules in Proxy Options, but it is not as easy when...

Vulnerable Javascript Dependency

I need to inform that Burpsuite was not able to find the Momentjs vulnerability related to CVE-2022-31129 and CVE-2022-24785 in scans. Let me know if the said signatures are added in the burpsuite (in which versions). Need...

Proxy Original Request Vs Edited Request

Love the new split view on the proxy history with the request/response! The drop down to flip between the original and edited though is a pain. Going back through the proxy history for reporting and flipping between these...

Re-run specific Scanner Checks

It would be great to be able to re-run specific scanner checks to check to see if a finding was indeed fixed or not. I realize that most Scanner finding can simply be sent to the repeater and done that way, however, at...

Option to make "Auto-modified request" the default view option in HTTP history

I'd like to be able to set Burp's default behavior to always show the "Auto-modified" request and response in the HTTP history tab. Thank you.

Request Length in Proxy History

Hello, Are there any plans to make the Request lengths visible in Proxy history? When looking at a series of requests to the same endpoint, you can currently see the Response lengths listed under "Length", but...

Persist column order of Proxy -> HTTP history tab in project or user settings

Hi, In Proxy -> HTTP (WebSocket) history tab I can change the order of columns so the columns I want to see goes first (e.g. URL, request time, ...) and others goes after. However this order isn't preserved between Burp...