Burp Suite User Forum
Hi! Great product. The subject really says it all. I would really like to be able to access the meta information (timestamp, IP, etc.) for each request/response interaction from the Extender API so I can consume it within a...
Hey team, hope you guys are doing good. On learning path page of the website, it shows all the modules available. Also while going through topics, we have a button to mark module as "Complete". So, I guess, it'll more...
The first would have to be the wiener:peter login id and password. It's a bit childish. I can understand the humor, but I bet it's gonna rub women the wrong way. Just a minor thing. The main issue I have is with the...
Currently when you load custom lists from a directory in 'Preset Payload Lists', the payloads that are shown do not include sub-directories or their files. It would be great to have a directory of commonly used lists that...
Hello, I would like the developers of the Burp Suite to consider implementing XDG directory specification in order to remove unnecessary $HOME clutter. By storing config, cache and user data under $XDG_CONFIG_HOME...
Hi, more and more applications every day use WebSockets. In order to handle everyday assessments, it could be great to be able to be able to add Extensions also related to WebSockets, like IHttpListener to tamper traffic,...
Hi, Currently working on lab "Vulnerabilities in password-based login - Username enumeration via account lock", and after sending cluster bomb attack, there is no length variation for valid account. Even I divided in...
Hi, In recent assessment I would like to brute-force domains for a class of IP addresses (port 443, with SSL/TLS) using the Intruder of Burp Suite. New intruder versions allow to insert the insertion point also in the...
I have some issues with one of my licenses. The second license that tooked, that expires on september 2023 , when i try to activate i receive the error message that "Too many activations on this licese". I had some issues...
Hello, I would like to reset my labs and materials progress. Can you please reset it?
It would be cool if there was an "intercept" feature for burp collaborator RESPONSES. Basically when a request comes into the collaborator, it could give an interface similar to the proxy intercept interface that allows you...
* As a user with multiple sites listed in the Site map * I'd like to be able to differentiate between sites that are in-scope and sites that are out-of-scope * So that I can see what sites have been found and...
Hi, Please publish a GitHub action that will scan the target site and create the results in GitHub security dashboard
Windows Arm is starting to be popular. With Windows JDK I can use the JAR version - https://learn.microsoft.com/en-us/java/openjdk However, the Chromium inside is win64 It is a huge difference in performance with...
Hey guys i am starting-blocks with burp with brute force méthode login form. I tried to use it on website specialized for vulnérability and it seems to work gréât. When i make a request, burp gave the username and the...
Hello, As you can see by the subject it is pretty easy and it's even surprising that it is not here by default. When we want to delete the reqs one by one and we quickly want to check if they are not useful, we need to...
Hi Team, would it be possible to have a "corporate" BAppStore which would extend the current BAppStore and allow testers to point BurpSuite to that BAppStore to download not only the official BApp extensions, but also...
after mucking about with: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies i ended up messing the pages with csrf reuests\blocking the comment form. even though i can send...
Could you reset all my labs and progress?
I think it will be helpful to have the option to turn off the proxy on Burp Browser while navigating a site. Use cases: Log in to a website without capturing the login credentials in Burp, or wanting to leave out the...
Page 3 of 56
Your source for help and advice on all things Burp-related.