Feature Requests - Page 38 - Burp Suite User Forum

Temporary project execution window does not open(임시프로젝트 실행창이 안뜨네요)

I am using the community version, but the temporary project execution window does not appear? (커뮤니티버전을 사용하는데 임시프로젝트 실행창이 안뜨네요?)

Introduce a Priority attribute for extensions to allow extensions to clearly indicate if they should be loaded first/last

Example/Problem: Logger++ benefits from being loaded as the final extension in order to log data transformed by any other extensions loaded. Currently it is a manual task to move Logger++ to the bottom of the extensions...

Not able to use license

Hi team, Please help , not able to user burp license.

Adding list of content types to Intruder lists

Hi, it would be perfect, if there was an official "list" of content types, which I could use in Burp Intruder for finding file upload related vulnerabilities:) Would it be possible to compile such list and simply add it...

Brute force 2FA

Dear team, please look over the exercise under the name "Lab: 2FA bypass using a brute-force attack " please, consider using shorter BF methods as in this one you need to brute force 10,000 requests in 1 thread. its...

how dose portswigger company decides what is a business account to make a deal with

i have been trying to request a trial of burp suite enterprice but the first step is to enter a business account i tried with outlook and gmail accounts but with no use

Windows XP SP3

What is the latest version of Burp Suite Pro Comaptible with Windows XP SP3?

Managing Multiple Targets

I find it challenging sometimes to organize tabs (repeater and intruder) when managing engagements with multiple targets. I would like to suggest a UI feature to either switch the presence of tabs based upon a chosen...

Websockets API support

I'm running into wss more as we see the shift towards single page, media rich applications. As such, I often find the need to implement custom deserialization of binary websockets messages. It would be helpful if I could...

Burp Chromium Browser Integration Improvements

Dear Portswigger Team, it would maybe be useful to have the (optional) feature to add the target scope URLs (basic) to the Chromium Web Browser as bookmarks espacially for each project. Opening a project with one URL in...

Burp Start

Hi, Target Scope should be prompted once the user opens the burp suite so that we can configure automatically our target scope upon start up.

API Scanning

Hi Team, I am unable to find configurations for API scanning I think its not available for trial version. Can you please look into this ? Many Thanks

Live passive crawl misses some information about HTML forms

Hello, the "Form submission" feature of passive crawling misses two features when adding to the site map: - it doesn't log the parameter names and values defined in HTML forms - it doesn't set the HTTP method (i.e. use...

Need Rest apis to add a scanning feature on my website.

Hello, As you scan webapps to get vulnerability. I also want to add similar feature on my website. So do you provide REST apis for it?

Make it possible to filter only 404 (Not Found)

On different places you are able to filter your results. Also for status code like "4xx". But in many cases you want to see results like 403 or 401 but not 404.

how we can capture API activity through a webpage scan.

We are Scanning a webpage and it contains both Web elements and API, When we do scan and Crawling tool is able to Parse the API's and we are not able to see any kind of request and response related to API. Please...

Match & Replace for Websockets

I know there was a post about it a few years ago, but I want to suggest this again: Match & Replace for Websockets. I know I can send them to the repeater and change from there, but I'm testing an application that has a...

Save Intruder Tabs on Close

Please provide ability to save Intruder tabs along with target, positions, payloads and options when Burp is closed. Currently Repeater tabs are saved but Intruder are not. When working on a long project for web...

Skip fields named 'password' by default in Active Scans

During a test where a username and password was passed in for every request to a web-service, I noted that it seemed reasonable to skip fields named 'password' by default in active scans. I added that to a comprehensive...

Proxy JS File Support

Working on-site sometimes we require to set upstream proxy servers to a JS file which switches the specific proxy/server to connect to based on the destination IP address. Support for this file format would be useful in...