Feature Requests - Page 20 - Burp Suite User Forum

Burp Intruder Payload Type "File"

I couldn't find an option or even an extension that takes a list of files and uses the file contents in a POST request. This would be very useful to make file upload function tests more efficient. I imagine a new payload...

Expose IScanIssue Requests with Markers

Some scan issues contain marker information in the request/response for easier identification of issue, but there is no way to access these markers through the extender API. The IScanIssue.getHttpMessages() function...

Unable to intercept traffic of mobile application hosted over VPN

Currently facing issues with intercepting the traffic using Burp Suite from a mobile application after whitelisting the public IP address. What is achieved so far: I. Able to intercept the traffic from mobile device’s...

Enable logging on the opening screen

Hello! I think that most business users always use logging. Unfortunately sometimes we forget to turn it on under Project Settings / Misc. Could you put a checkbox in the "New project on disk" section of the opening screen...

Reset

Can you reset all my labs expect sql injection and path traversal.

Regarding Java version

Hi, Recently we are seeing nessus vulnerability issue regarding the oracle java version as below: Plugins: 166316 Oracle Java SE Multiple Vulnerabilities (October 2022 CPU). "<plugin_output> Path :...

How does Burp Suite Enterprise choose when two configuration files conflict?

Hi, Team: We can upload more than two configuration files for a site in Burp Suite Enterprise (Settings > Configuration). but how does Burp Suite Enterprise choose when two configuration files conflict? The A...

Content Discovery Improvements

Hi, I raised this issue a year or two back (don't recall the outcome, but it is not yet a feature)and wanted to raise it and one other again. The Content Discovery feature produces too much noise in its default...

Multiple Extensions enabled on a single click

A user by selecting multiple plugins from the list can be enabled using a single click without each extension opening a separate widow. Include a separate tab to show which extensions did not load and their respective...

Selection on Inspector

When selecting text on repeater, on inspector it shows the number of bytes. It would be helpfull to see the number of bytes also in Dec but also in Hex. In particular when performing http smuggling attacks (transfer...

Burp Collaborator Mobile App

Dreamtime / blue sky request :-D Sometimes I'm in a situation where burp is installed on a machine that's not internet connected, but I'd still like to use the collaborator. It would be awesome if there could be a mobile...

License Installation Limit

Hello, I have reached my license limit. I have activated the license in several VMs on my personal computer. If possible I'd require an additional activation.

Account 2FA BYPASS

Can anyone tell me how to bypass mega account recovery key it is important to me it has 10 bitcoin in it whoever securely bypass it I give 2 bitcoin to it.

Burp Collaborator question

hi, Does Burp Suite Enterprise Edition support the use of a private Burp Collaborator? and how could it be used? thanks!

Providing UDP source ports in Burp Collaborator

Is it possible to provide UDP source ports of DNS queries via the IBurpCollaboratorInteraction interface? This would allow to easily analyze the randomness of used source ports, which makes it possible to find...

Intruder payload defaults for integers

Hey, I often want to bruteforce IDs, specifically integers. I use the `Numbers` payload in Intruder. But it requires the following configuration: - Min/max integer digits - Min/max fraction digits This means every...

Add OAuth2 Support for Burp Professionnal Edition or else

Hi everyone, I've seen that "OAuth" is not on your "prior list" and i don't understand why. Everything is an API at the moment, it should be on your prior list to add this feature. Actually i need to test 2 privates...

Split screen for proxy history

It would be very handy in my opinion to have the proxy history splitted sometimes, to compare login request flows.

Burp Suite Enterprise REST API Scanning

Hi, We are attempting to use Enterprise's REST API Scanning feature. We understand the published limitations, which do not allow for Authorization or Additional headers to be specified in the OpenAPI Specification....

False Positive - Add Comment

I'd like to be able to add a comment for why an issue has been marked as a false positive. I'd like those comments to be available to be included in scan reports as well.