Burp Suite User Forum

Login to post

.NET plugins support

Would be great giving .net support to develop burpsuite plugins

Last updated: Sep 19, 2016 09:45AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Proxy Intercept window: show proxy listener that received the request

Sometimes I configure Burp with multiple proxy listeners going through the same instance. The Proxy History does a great job at being able to separate the traffic with both a dedicated column for the target port and also a...

Last updated: Sep 19, 2016 09:22AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Infiltrator destroys Spring Boot application

Hi, when using Burp Infiltrator on a JAR file, which has been created as a Spring Boot application, then the application is not able to start, especially when embedded server is Jetty. Would be great if Burp...

Last updated: Sep 19, 2016 09:05AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Disable popup window for automatic backups

When automatic backups are enabled, a window pops up and gains operating system focus to display backup process. When Burp is not the active Window, this can interrupt use of other applications. This is common for...

Last updated: Sep 08, 2016 05:42PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Scanner Check For target="_blank" Vulnerability

Hi Portswigger, I would like to see a check added for links with target="_blank" without the rel="noopener noreferrer" attribute. The author of the below article demonstrates that the site which is linked to is able to...

Last updated: Sep 07, 2016 10:20AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Decoder 'Wrap Text' option

Can we have a little tick box on the decoder window to auto wrap text. I hate horizontal scrolling like most people!

Last updated: Sep 06, 2016 01:15PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add more functionality in "Discover Content"

Hello , you could add more functionality in "Discover Content" like the functionality of a custom list and also an option to stop the specific task(example stop directory brute force in the selected subfolder...)

Last updated: Sep 06, 2016 01:14PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Make target scope lines clickable

Hi, I'm using Burp Suite Professional v.1.7.05 When visiting Target | Scope, you see a list of targets in scope. Currently only the Enabled column is clickable (it toggles the checkbox). It would be great if you could...

Last updated: Sep 05, 2016 11:12AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Burp Sequencer feature - Define payload type

Hello, I would like to see a choice for the Sequencer payload type. Meaning if I want to run statistical tests and entropy for 20000 tokens ,I would like to be able to define exactly what type these tokens can be . An...

Last updated: Sep 03, 2016 05:58PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Requests grab under some actions

Hello. When analyse big targets with many domains, apps, actions, etc, may be very helpfull function of grab group of requests of concrete action. For example, i test big web-app. In some moment, then i have many data in...

Last updated: Sep 01, 2016 08:01AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Feature request for cookie jar

Hi Just a small request: Would it be possible to add an indication of the cookie flags on cookies stored in cookie jar? That would create an easy overview of the cookies encountered using a test, instead of scrolling...

Last updated: Aug 25, 2016 09:00AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Numbers Intruder payload: Default the min/max fractional digits fields to 0

Out of all the times I've used the Numbers payload in the span of a year and a half, I think I've only used fractional numbers once or twice. Everyone else in the office here has had a similar experience. Please set...

Last updated: Aug 17, 2016 03:41PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Confirm closing Intruder/Repeater tabs

Please add a confirmation dialog box when closing these tabs, as they (a) are the easiest to close by mistake, and (b) contain some of the more important information in a session.

Last updated: Aug 17, 2016 03:34PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Numbers Intruder payload: add support for multiple ranges

Instead of using separate fields for min/max, please change this to a single box that accepts a comma-delimited list of dash-separated inclusive ranges. I.e., 1-50,60-70,80,91-100 (decimal) 0,8-D,20-7E (hex) I think...

Last updated: Aug 17, 2016 03:24PM UTC | 0 Agent replies | 1 Community replies | Feature Requests

Add a processing stack to Grep Extract

Sometimes it's very handy to be able to apply some processing, such as URL or HTML decoding, to extracted values, instead of needing to export to a table (in the case of Intruder results), and then figure out how to apply...

Last updated: Aug 16, 2016 03:29PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Infiltrator Exclusions

Please add the ability to exclude specific packages or classes from the Burp Infiltrator installer.

Last updated: Aug 16, 2016 02:55PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Case Modification Intruder payload: add brute force mode

Please add an option that iterates through all the combinations of upper- and lowercase letters for each position. I.e., for an input string "abc", the output should be: abc aBc abC aBC Abc ABc AbC ABC While...

Last updated: Aug 15, 2016 07:38PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Support CA Certificate Generation for Certs&Keys Greater Than 1024bit

Especially Apple is now enforcing "Best Practices" via App Transport Security. As a workaround I used this guide: https://nabla-c0d3.github.io/blog/2015/12/01/burp-ios9-ats/ Thank you.

Last updated: Aug 11, 2016 12:53PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

External service interaction (DNS)

Hi ! I have scanned a target address and found "External service interaction (DNS)" vulnerability. Is this related to DNS Zone Transfer? and How do i rate this vulnerability according to 1 to 10? please help me ASAP...

Last updated: Aug 04, 2016 01:13PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Global UI indicator that Live Active Scanning is enabled

There have been times that I've opened a project file, or returned to a project and forgot Live Active Scanning is enabled. Since almost every action in burp is very explicit, requiring user interaction. When live active...

Last updated: Jul 22, 2016 08:45AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Page 38 of 44

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image