Feature Requests

Burp proxy and burp repeater confusion

Hi what is the difference between burp proxy send and burp repeater send?Let's say I changed the id of a request.Does the result of the burp repeater send request gets showed on the website,or you have to change the id on...

Support for TLS 1.0 and 1.1

With the upcoming removal of support for TLS 1.0 and 1.1 in major browsers, will Burp Suite Pro still support these protocols while functioning as a TLS MITM proxy?

Officially support Java 11

Java 8 is going to terminate support at end of this year. Please considering a full support for Java 11.

Side-by-side View

Hi! Currently, displaying a request+response pair side-by-side is only possible in Repeater ("Repeater -> View -> Left/right split" from the menu bar) or via extensions like Flow or Logger++. I use this layout a lot and...

Burp Suite Response Renderer Window Copy Content Feature

Hi, Could you please add the ability to copy content from the Burp Suite Response Renderer window? My use case was that I needed to go back to a previous project to which I no longer had access to using my browser. For...

Report functionality for Enterprise edition

Hi, It is possible or planned for the Enterprise edition a "Generate Report" functionality, like the one that is available on the Professional edition? or even a better one? it would be great if we can generate pdf reports...

request of burpsuite professional

Three to four days ago,i've requested for trial burpsuite professional but yet not received any link to download.please,make it fast...if it's possible.

HTTP history column preferences

Hello, First off this is a truly awesome product, keep up the great work! I was wondering if there was a way to save the preferences of column order view in the HTTP history tab under Proxy. I often like to drag the...

Mahasiswa

Patuhi Orang tuamu

Detect UTF-8 encodings in Content-Type header

Currently request body and response body is decoded with Latin-1, inferred from question 17199168. The "Latin-1" is very ambiguous, but here I suppose "code page 1252" is referred to. According to HTTP standard, if...

content discovery API access?

Hello, I'm working on a project where I'd like programmatic access to the Content Discovery tool. On another thread I read this agent's response: "There isn’t currently any way to use Burp’s own Content Discovery...

What is the role of divis in this script?

We have this script, " '-alert(1)-' ". I tried to execute this script in lab without "-" and it didn't work. So I searched about it, but didn't find anything interesting to make it clearer for myself. Why is divis...

web security academy development

i suggest to add discussion for each lab in web security academy it will be very helpful for example in lab (User ID controlled by request parameter with data leakage in redirect) which details is( This lab contains an...

Burp Professional and Burp Enterprise tool limitations

I am using Burp Enterprise Version: 2020.1-2902, Java version: 9.0.4 and Burp Professional v2.1.04 and I am not getting the same result from both the tools. Could you please provide me the tool Limitations for both.

HTTP/2

The ReSearcher asking HTTP/2 support but Burp didnt add this feature in last 5 years. UnLucky..

Burp 2: Scan Next

Hi, I noticed that "Scan next" is no longer there with Burp 2.1.07. Would it be possible to add it, or some similar Priority-based handling of Items in the Scan Queue?

Filter by highlight color in history tab under proxy

Hello , It would be a useful feature to have a filter based on different colors available for highlighting. One can categorize while testing and then while writing reports , find requests / responses quickly...

Re-run specific Scanner Checks

It would be great to be able to re-run specific scanner checks to check to see if a finding was indeed fixed or not. I realize that most Scanner finding can simply be sent to the repeater and done that way, however, at...

Meaning of the 'Edited' column in 'Proxy / HTTP history'

Hello, from my experience as a trainer, the meaning of the 'Edited' column in 'Proxy / HTTP history' is quite often misunderstood. In fact, students' expectations are coherent, they just don't match the design choices...

HTTP2 support

I would like to test an application running on HTTP2. Do you have any roadmap for supporting HTTP2?