Feature Requests - Page 3 - Burp Suite User Forum

Expose Proxy History Meta Information for Extender API

Hi! Great product. The subject really says it all. I would really like to be able to access the meta information (timestamp, IP, etc.) for each request/response interaction from the Extender API so I can consume it within a...

Indication on modules complete

Hey team, hope you guys are doing good. On learning path page of the website, it shows all the modules available. Also while going through topics, we have a button to mark module as "Complete". So, I guess, it'll more...

Great academy, but could do with a few minor improvements

The first would have to be the wiener:peter login id and password. It's a bit childish. I can understand the humor, but I bet it's gonna rub women the wrong way. Just a minor thing. The main issue I have is with the...

Make Predefined Payload Lists recursive

Currently when you load custom lists from a directory in 'Preset Payload Lists', the payloads that are shown do not include sub-directories or their files. It would be great to have a directory of commonly used lists that...

Follow XDG directory specification

Hello, I would like the developers of the Burp Suite to consider implementing XDG directory specification in order to remove unnecessary $HOME clutter. By storing config, cache and user data under $XDG_CONFIG_HOME...

Extension API for WebSocket

Hi, more and more applications every day use WebSockets. In order to handle everyday assessments, it could be great to be able to be able to add Extensions also related to WebSockets, like IHttpListener to tamper traffic,...

Cluster bomb - Username enumeration via account lock

Hi, Currently working on lab "Vulnerabilities in password-based login - Username enumeration via account lock", and after sending cluster bomb attack, there is no length variation for valid account. Even I divided in...

Intruder and SNI

Hi, In recent assessment I would like to brute-force domains for a class of IP addresses (port 443, with SSL/TLS) using the Intruder of Burp Suite. New intruder versions allow to insert the insertion point also in the...

Hello

I have some issues with one of my licenses. The second license that tooked, that expires on september 2023 , when i try to activate i receive the error message that "Too many activations on this licese". I had some issues...

Progress reset

Hello, I would like to reset my labs and materials progress. Can you please reset it?

Custom Burp Collaborator Responses

It would be cool if there was an "intercept" feature for burp collaborator RESPONSES. Basically when a request comes into the collaborator, it could give an interface similar to the proxy intercept interface that allows you...

Differentiate between 'In-Scope' and 'Out of Scope'

* As a user with multiple sites listed in the Site map * I'd like to be able to differentiate between sites that are in-scope and sites that are out-of-scope * So that I can see what sites have been found and...

Integrate Burp Suite Enterprise with GitHub Actions

Hi, Please publish a GitHub action that will scan the target site and create the results in GitHub security dashboard

Windows Arm64

Windows Arm is starting to be popular. With Windows JDK I can use the JAR version - https://learn.microsoft.com/en-us/java/openjdk However, the Chromium inside is win64 It is a huge difference in performance with...

BRUTE FORCE LOGIN FORM

Hey guys i am starting-blocks with burp with brute force méthode login form. I tried to use it on website specialized for vulnérability and it seems to work gréât. When i make a request, burp gave the username and the...

Make use of the del key to be able to delete a line in the HTTP history

Hello, As you can see by the subject it is pretty easy and it's even surprising that it is not here by default. When we want to delete the reqs one by one and we quickly want to check if they are not useful, we need to...

Corporate BAppStore

Hi Team, would it be possible to have a "corporate" BAppStore which would extend the current BAppStore and allow testers to point BurpSuite to that BAppStore to download not only the official BApp extensions, but also...

the ability to reset a lab

after mucking about with: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies i ended up messing the pages with csrf reuests\blocking the comment form. even though i can send...

Reset labs

Could you reset all my labs and progress?

Ability to turn off proxy in Burp Browser

I think it will be helpful to have the option to turn off the proxy on Burp Browser while navigating a site. Use cases: Log in to a website without capturing the login credentials in Burp, or wanting to leave out the...