Burp Suite User Forum

Burp signed SSL certificates throw warning in Chrome

When burp generates CA-signed per-host certificates, Google Chrome marks these sites as having "Weak Security configuration (SHA-1 signatures), so your connections may not be private. Screenshot:...

Last updated: Jun 11, 2015 08:03AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

UI - Scanner:Results - tag resolved findings

Hi, I would love to be able to tag findings as 'already worked on and resolved' or 'read'. Helps in case I go through findings while the active scan is still on (reason being lack of time). In current state new findings are...

Last updated: Jun 10, 2015 11:23AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

UI - shortcuts - 'set Severity, Confidence', global 'enable/disable Proxy Intercept'

I would like to have possibility to: - assign keyboard shortcuts to more actions, e.g.: in Scanner:Results - set Severity, Confidence level (I would use numkeys) - use global windows shortcut for some actions (e.g....

Last updated: Jun 10, 2015 11:22AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Good XSS detection

I'm somewhat disappointed. I conducted an nessus scan on a host, without entering any information. It found an XSS. When I did an active scan of the same host with Burp, Burp did not. It is a really easy to find XSS. I'm...

Last updated: Jun 01, 2015 08:39AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

UI - Scanner - selected tab persistence (like in Proxy)

Hi, I would like selected tab persistence when browsing through findings (exactly like in Proxy tab) - I select tab Response and it stays the selected one when I click on a different finding. A small thing, would help a lot...

Last updated: May 18, 2015 05:10PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Reflected input monitor for passive scanning

A new check should be introduced to passive scanner which will monitor all the requests and report if any of the input parameters get reflected in the response. This will be very useful in determining which parameters to...

Last updated: May 15, 2015 08:20AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Repeater and intruder for pentesting WebSockets

Hi, I'd love to see mentioned features implemented for pentesting WebSockets. Those features would be useful for testing both WS client and server. Also it would save me some time writing my own set of...

Last updated: May 13, 2015 01:08PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Find and replace in intruder

It would be nice to have a find and replace within intruder, saving the tester from burp <-> notepad copy & paste kung foo. Sometimes the HTTP requests are so massive that makes impossible to set each entry point one by one.

Last updated: May 11, 2015 12:31PM UTC | 1 Agent replies | 2 Community replies | Feature Requests

Repeater UI - Fixed Placement of Tabs

I would like for repeater to not move the location of tabs when selecting new repeater tabs. This occurs when the user has a large number of repeater tabs open (which happens to me when testing API calls where we make one...

Last updated: May 11, 2015 09:19AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Open multiple links in a browser

Target > Site map > expand tree. 1. Select a grey link that has not been visited. Right click. Instead of Copy URL, add option to Open URL. 2. Select multiple links that have not been visited. Right click. Instead...

Last updated: May 06, 2015 05:10PM UTC | 0 Agent replies | 1 Community replies | Feature Requests

encoder stuff

Url encoding, would be nice if two options exist; one that encodes everything. and one that encodes just the characters that are necessary. I keep seeing apps that are microsoft stacks that seem to dislike characters that...

Last updated: Apr 28, 2015 12:39PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Configure the parameter separator on GET and POST reponses

Actually the parameter separator is the & symbol, but sometimes the applications use different character as parameter separators, for example a lot of tomcat applications use the | character. It could be very very useful...

Last updated: Apr 28, 2015 10:02AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Hide viewstate

I would like to have a native function to hide huge viewstates from ASP.NET web applications. Or even better, if it could be possible to toggle the visibility for any variable

Last updated: Apr 24, 2015 09:59AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

API to update Requests as presented in UI in Proxy, Repeater, etc.

Hi, I have written some custom extensions using both the java API and jython. Typically, it is for things like setting custom headers. While they work (they do send the custom headers) it's hard to see exactly what was...

Last updated: Apr 22, 2015 08:29AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

XML formatting

Would it be possible for Burp Suite to properly format XML requests in the 'Params' tab? Cheers.

Last updated: Apr 20, 2015 08:47AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

In scanner, Setting a configration of redirection

I would like to set up redirection in scanner in the same way as intruder/repeater. Scanner can only set up valid/invalid. (It is the check box "Follow redirections where necessary")

Last updated: Apr 07, 2015 08:39AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

In intruder, setting up payload with "Grep - Match"

When I use intruder, I have to set up payload and "Grep - Match" each time. So I would like to set up them same time.

Last updated: Apr 07, 2015 08:37AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Load Macro Parameter from File

When configuring a macro item, each parameter's value has the option of "Use preset value" or "Derive from prior response". I'd like the capability to load a parameter's value from a file at runtime by specifying a...

Last updated: Apr 03, 2015 06:07PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Decoder enhancements - user interface

Two items to request (both mentioned in former user forum): 1. Multiple decoder tabs (self-explanatory) 2. Clipboard context menu within the input field. This seems simple enough, but essentially this will give users...

Last updated: Apr 02, 2015 10:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Decoder enhancements - algorithms

To minimize switching between Burp and other tools for crypto-analysis, add more options to Burp's Decoder. Here are a few suggestions: - keyed algorithms (DES, 3DES, AES, XOR, ROTn, etc) - Anything OpenSSL enc/dec...

Last updated: Apr 02, 2015 10:50AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Page 27 of 28

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image