Feature Requests - Page 3 - Burp Suite User Forum

Content Discovery Response Regex Filtering

Since a lot of WAFs will return 200s instead of 404s for not found, can you add a regex option to filter responses found? For example, if the response matches the regex, then drop/ignore it so it doesn't clutter the Site...

Add online documentation on IAST

Hi, you have a very nice article on OAST https://portswigger.net/burp/application-security-testing/oast Could you please make something similar with IAST? Since you have Infiltrator, but it doesn't have a proper article,...

Response Capture in Repeater would be helpful

Hi, Capturing the responses on the repeater for response modification, Thank you. Regards

Show if a lab requires Burp Suite Pro - PortSwigger Academy

I find it really annoying trying to solve a lab only to look at the solution and discover you need BurpSuite Pro. All I would like is a little icon to show if it requires the pro version - which a lot of beginners who need...

Option to enable/disable automatic row shifts in repeater/intruder tabs

This is regarding the issue raised by paul https://forum.portswigger.net/thread/repeater-tab-changes-b9afea531603652 Say current repeater window has 31 tabs as I'm testing an API and each tab is a call. I've named them...

Local File Inclusion and Remote code execution request

Good evening portswigger. I recently started learning ethical hacking and bug bounty not too long ago. I have finished the The web application hackers handbook and I'm about half way through your web security academy and I'm...

REST API - Crawl Only

Hi Burp Team, I would like two additional REST API endpoints that support crawl only functionality, mirroring the v2 UI. E.g. /crawl and /crawl/<taskid> Are there any plans to release this functionality in...

Decoder - URL and HTML encode special characters only

Can you please add the ability to Decoder to encode the special URL and HTML characters only? The need to do this comes up quite often during application testing. For example, when looking at the first lab of the burp...

Pretty with word wrapping support

Hi, I think it would be better if you guys support word-wrap for Pretty feature, since working with JSON, some of the values are long and we have to use horizontal scrollbar, and for copying and dragging, it's really worse...

Target - Sitemap - Highlight branch with color

Dear PortSwigger team, is it possible to include a feature to highlight a branch with a specific color in the Target/Sitemap/ panel? Thank you

Renaming Configuration name

Hi, I would love to retain old name of Configuration I chose prior to editing, or being able to set a new one. When I create an Audit configuration like "Audit only parameters", but I want to tweak it on-the-fly (e.g. by...

Intercept Turned On - Requests Not Captured on Proxy But Captured In Http History

Please note that the "Intercept" button is turned on & the Portswigger cert was imported into the browser. When using burp suite, sometimes the requests are not shown in the proxy tab but instead it's captured in the http...

Macro editor improvements

Hi, when debugging Macros, I need to remove/re-record macros many times until they are properly fine-tuned. Would it be possible to add enable/disable check-boxes for individual requests in Macro Editor? That would greatly...

Duplicate button in upstream proxy

Hi, could you please add "Duplicate" functionality for upstream proxies? Usually most of the destination hosts have identical proxy settings, and right now I need to copy+past everything multiple times. Thanks:)

No more activations allowed for this license.

Dear team, I just migrated from windows laptop to another archlinux laptop, i activated license twice in windows and vm on the host. When i tried to activate burp pro in arch, it showed the issue 'No more activations...

Proxy Original Request Vs Edited Request

Love the new split view on the proxy history with the request/response! The drop down to flip between the original and edited though is a pain. Going back through the proxy history for reporting and flipping between these...

highlight strings in modified request

I know that there is a comparer for this, but it would be quite useful if in the same proxy highlight the modified char/bin when you intercept. I want to add that the new selection of modified request makes it...

Save Embedded Browser Settings

Any changes made to the settings of the embedded Chromium browser are reverted when the application is closed. This includes the removal of installed extensions. It would be helpful if the browser settings could be saved...

OAuth authentication

At the moment, burp enterprise does not support Authenticated scanning with OAUTH and SSO. Going forward it is good to have a login sequence recorder to overcome such issues

Beautifier small enhancement

Hello, In the last versions the very good feature of viewing either "pretty" or "raw" in http viewer is very good - thanks for that. small issue there - when using the "pretty" mode than it is being applied on the...