Burp Suite User Forum

Login to post

Intruder payload defaults for integers

Hey, I often want to bruteforce IDs, specifically integers. I use the `Numbers` payload in Intruder. But it requires the following configuration: - Min/max integer digits - Min/max fraction digits This means every...

Last updated: Oct 27, 2022 08:52PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Enterprise - Integration with ServiceNow

Please create a two-way integration for ServiceNow. You can see an ideal integration here, https://www.netsparker.com/support/integrating-netsparker-enterprise-servicenow/ Notice the availability for the SN ticket to...

Last updated: Oct 20, 2022 04:45PM UTC | 3 Agent replies | 3 Community replies | Feature Requests

Add OAuth2 Support for Burp Professionnal Edition or else

Hi everyone, I've seen that "OAuth" is not on your "prior list" and i don't understand why. Everything is an API at the moment, it should be on your prior list to add this feature. Actually i need to test 2 privates...

Last updated: Oct 20, 2022 09:50AM UTC | 3 Agent replies | 3 Community replies | Feature Requests

Split screen for proxy history

It would be very handy in my opinion to have the proxy history splitted sometimes, to compare login request flows.

Last updated: Oct 19, 2022 01:33PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Suite Enterprise REST API Scanning

Hi, We are attempting to use Enterprise's REST API Scanning feature. We understand the published limitations, which do not allow for Authorization or Additional headers to be specified in the OpenAPI Specification....

Last updated: Oct 19, 2022 12:28PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

False Positive - Add Comment

I'd like to be able to add a comment for why an issue has been marked as a false positive. I'd like those comments to be available to be included in scan reports as well.

Last updated: Oct 18, 2022 01:00PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Proxy Original Request Vs Edited Request

Love the new split view on the proxy history with the request/response! The drop down to flip between the original and edited though is a pain. Going back through the proxy history for reporting and flipping between these...

Last updated: Oct 13, 2022 09:23AM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Request and Response Timings in proxy history and site map

OWASP ZAP shows the RTT in the request history which makes it very easy to manually test and spot potential timing based attacks. I know these timings can been tested / seen in the repeater and intruder... but knowing which...

Last updated: Oct 12, 2022 02:30PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Rename Intruder attacks saved to project

It's really useful to save some intruder attacks to the project file. However, without a way to name them on the dashboard, it can be hard to find the correct one. I know you can name intruder tabs, but this name doesnt seem...

Last updated: Oct 12, 2022 08:02AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

auto replace websocket request messages

hello best app ever is there anyway to auto replace websocket request messages ? or if there are any extension do that can someone show us how :D

Last updated: Oct 11, 2022 10:07AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

deletion

Please delete my account

Last updated: Oct 11, 2022 08:13AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Decoder - URL and HTML encode special characters only

Can you please add the ability to Decoder to encode the special URL and HTML characters only? The need to do this comes up quite often during application testing. For example, when looking at the first lab of the burp...

Last updated: Oct 09, 2022 05:07PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

BurpSuite Certified Practitioner exam

Hello Team, This is Himanshu. I have purchased a burp suite certified practitioner exam on 5th oct 2021. Can i give the exam tomorrow i.e; on 5th oct 2022 or 4th oct 2022 is the last day to give exam.? Thank...

Last updated: Oct 05, 2022 12:22PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Possibility to filter out HTTP-status code in the "Content discovery"

Hi I would like to suggest inclusion of a new function: the possibility of excluding some HTTP-status codes in the responses in the "Content discovery" tool. I see that some sites like to "bounce you back" with 301s. You...

Last updated: Oct 04, 2022 02:15PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Please bring "Delete item(s)" to Intruder back!

The "Delete item(s)" item submenu feature in Intruder is missing for a lot of time now. E.g., version 2020.6 still has it, but from that version to today somewhere in the middle it was removed. Newer version cannot delete...

Last updated: Oct 04, 2022 10:09AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Exclude Hosts from Proxy/Logger History

Hey all, so when testing websites which are big and interconnected, lots of different API endpoints, sometimes even x-site - one (at least I) do not want to use the Scope Feature. (Sidenote: I very rarely use the scope...

Last updated: Sep 29, 2022 07:55AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Access current theme from extension

I want to find out whether a user uses light mode or dark mode using the Extender API, so that I can pick an appropriate font color in my extension. The new Montoya API has a Theme enum, but there doesn't seem to be any...

Last updated: Sep 28, 2022 03:00PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add a rule action "sleep" or fix the delay between seconds for the resource pool

Consider the following scenario: For logging in, you need to have a valid CSRF token. The standard way to solve that in Burp is to use a macro that fetches the token. But in this web app, the token is unique for every...

Last updated: Sep 23, 2022 10:29AM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Arrow keys to navigate on Dashboard > Issue activity panel

I would like to be able to use the keyboard arrow keys to navigate up and down on the Dashboard > Issue activity panel when it has focus. I would like it to work exactly the same way as using the arrows keys to navigate...

Last updated: Sep 21, 2022 12:18PM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Follow XDG directory specification

Hello, I would like the developers of the Burp Suite to consider implementing XDG directory specification in order to remove unnecessary $HOME clutter. By storing config, cache and user data under $XDG_CONFIG_HOME...

Last updated: Sep 21, 2022 03:52AM UTC | 4 Agent replies | 4 Community replies | Feature Requests

Page 2 of 53

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image