Feature Requests - Page 39 - Burp Suite User Forum

Highlight built-in browser's traffic in Proxy History

It would be great if you can show requests made by Burp's built-in browser in a different colour to those requests generated by an external browser pointing at Burp. This would be really useful for when you are testing...

Increase distinction between application tabs and Repeater etc. tabs

Prior to the new UI, there was a gap of ~5 pixels between the main Burp tabs (Repeater, Intruder, etc.) and the tabs for an individual component, and the current tab was highlighted a different colour. In the new UI there is...

Hide From Proxy - Right-Click Option

It would be extremely useful to have a right-click option of 'Prevent Burp From Proxying' that could auto-regex a domain and remove it from showing up in proxy history (or any other tools). When testing a site with...

need scroll feature in "Action"

when we use multiple extensions then in Proxy tab, whenever we click on Action button then scroll feature is not there so that we can not able to use all features provided by Action button.

Add option to highlight to Target tab

Being able to highlight items with different colors in the Target Tab could take the place of a plugin like this https://github.com/Regala/burp-scope-monitor. I could use it to mark areas that still need coverage. PS you...

Search regex extract

I'd like to have a way to have Burp Search extract all the values that match a certain regex or results between a start and end regex. This would be similar to the feature in Intruder that can extract values based on two...

Checkbox for unauthenticated/authenticated crawl/audit

Hi, could you please introduce some checkbox, whether the Crawl+Audit should be authenticated, unauthenticated, or both? I have a huge scope (thousands of JSP files), I set login, and after 24h it's still only making...

Make Burp a distributed system

Hello, Last week I was testing a huge application with tens of thousands pages and my work was time throttled by my testing workstation. I guess it would be a huge amount of work but it could be very useful to be able to...

Please bring back the "Headers" view

Before the introduction of the "Inspector" sidebar, there was an option to set different views for requests and responses (Headers, Raw, Hex ...). These were very useful for reporting as we could do screenshots and show...

Timing requests

Add a feature in intruder/repeater to start requests at a specific time and not in a specific time

Playback on recorded login

Hi In order to debug problems with "recorded login" fucntionality like : "Failed to replay sequence Login : expected navigation after clicking on ... but none occurred" Competing offer playback feature, can you do the...

Javascript dependent Login Page unable to use Automated Scan Feature

Hey! If the login page only works with JavaScript enabled. Then the automated scan feature is not working. It says login page not found. As discussed in this post...

Rest API Scanning

Is there an anticipated timeline available for api scanning feature to be available in BurpSuite Enterprise?

CSV Export of vulnerabilities

Hello, Is there a way to export vulns via a CSV file instead of the normal HTML report?

A button to pause all the traffic generated by Extenders

Hi, Would it be possible to implement "Pause all Extender traffic" button, which would also be applied to Extenders? For example, if I try to guess parameters using Param Miner, but I would like to pause all the traffic...

Burp 2: Application Login - 2nd authentication step

The New Login Credentials accept username and password. Would it be possible to introduce an optional 2nd authentication step, like PIN (with static value)? For example, user needs to fill in username+password, followed by...

additional decoder compression options

It would be really useful if decoder had options to deal with deflate and brotli as well as gzip ...

SQL injections after Burp Scan

Hello everyone, I have the Burp Suite Professional v2020.9.1 I scan the same target with the same software twice. The first time that I scan the target, the results that the tool produces are with SQL Injections as...

An option to copy highlights and comments from sitemap to proxy history

Rationale: I am one of those who tests web applications interactively, rather than navigating through whole application and testing each item in sitemap after that. During the testing I add comments in sitemap to some...

Request Permission to Bind to privileged Ports on Mac and Linux

Greetings, A common use case I have is to use burp to invisibly proxy desktop applications. In order to do so on the Mac OS, I need to either run burp as root from command line, or start another process to redirect to an...