Burp Suite User Forum

WS-Security (WSS)

Please support OASIS Web Services Security (WSS), or short: WS-Security - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss Soap UI for example already fully supports it:...

Last updated: Jan 13, 2020 02:04PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

XSS into Java Script

Hello, I have a question again. About context into JavaScript, "Terminating the existing script" I understood. The question appears when I go to the lab for practice, >>Reflected XSS into a JavaScript string with single...

Last updated: Jan 13, 2020 08:57AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add a "Response Received" column in Proxy History

This column already exists in Intruder results (though not shown by default), and it would be very helpful for some situations in the Proxy History. For example, I've proxied sqlmap through Burp before, and unless I'm...

Last updated: Jan 10, 2020 06:07PM UTC | 4 Agent replies | 7 Community replies | Feature Requests

Rest API Scanning

Is there an anticipated timeline available for api scanning feature to be available in BurpSuite Enterprise?

Last updated: Jan 09, 2020 11:04AM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Save displayed columns in Intruder

Would it be possible to save the selection of displayed columns in an Intruder Attack (either by default on exit or as option)? Thanks for looking into it!

Last updated: Jan 07, 2020 11:52AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

XSS contexts / XSS in HTML tag attributes

Hello. I am learning about XSS as you can see, and I can’t understand a little bit about that scriptable context: " autofocus onfocus=alert(document.domain) x=" , I understand what autofocus and onfocus do, but I have no...

Last updated: Jan 07, 2020 10:21AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Extender callback to add a column to Proxy/Intruder/etc results

Hi, Sometimes it would be useful to have a custom column when displaying history/results - especially for Intruder, but also for Proxy History. This would allow things like Content Length to be shown (vs Length), plus other...

Last updated: Jan 07, 2020 09:27AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Burp Enterprise and Extensions support

Hi, does the Burp Enterprise support extensions (from BApp store)? Or is this support in development roadmap? thanks pavel

Last updated: Jan 07, 2020 09:06AM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Requestin to reset a lab

Hello there i have somehow messed up a lab which is click jacking ui thing. Please do rest the first lab of it.

Last updated: Jan 03, 2020 02:38PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Disable Http Trace Method

Dear Team, Even though i am disabling HTTP Trace method using the Approach mentioned under Issue definition sub tab under Target Tab, but still our burp tool is listing that method as allowable , please suggest any...

Last updated: Jan 02, 2020 10:55AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Multi-Payload encoding rules and Encoding options for Scanner

Hi, It would be nice if you could add support for encoding rules in intruder or scanner. This need comes from many websites where base64 encoded JSONs are used to transfer information between the client and the backend....

Last updated: Dec 30, 2019 10:28PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Multiply scans at once with Burp Enterprise

I would like to know if there's an option to load multiple/bulk web URLs and schedule scans for multiple/bulk web URLs. If there's an API for this, could you point me to it?

Last updated: Dec 23, 2019 03:51PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Severity / Confidence Labeling - add option of CONFIRMED

When right clicking on an issue, is there any way can you add an additional option of "Confirmed" to the "Set Confidence" menu? (Maybe with a check-mark icon and different colored circle based on severity?) Just as you've...

Last updated: Dec 23, 2019 09:47AM UTC | 2 Agent replies | 3 Community replies | Feature Requests

Allow individual scan audit items to be paused.

I often find myself having to cancel and re-scan an individual audit item when it is slowing down the scan. It would be a great if individual items could be paused and restarted later during the scan.

Last updated: Dec 19, 2019 08:48AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Feature: URL-safe base64 encoder

Burp Base64 decoder is not URL-safe. When decoding encoding strings with URL-safe generated by tools like below, actual values cannot be obtained. http://www.simplycalc.com/base64url-encode.php

Last updated: Dec 11, 2019 09:56AM UTC | 0 Agent replies | 3 Community replies | Feature Requests

Any access with proxy

Hello, the proxy doesn't work on any computer for me. I have followed the instructions given on your site (burp, browser and certificate configuration). I tried using it on a Mojave Mac OS, Windows 8.1 and Debian 18.04...

Last updated: Dec 09, 2019 09:15AM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Add "Search Bapp Store" Box

The Burp App Store is growing and there are many new additions from last year even. How about a search box that scans the names and description files to filter down the list. So, CSRF will display plug-ins that contain...

Last updated: Dec 03, 2019 09:30PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Burp Enterprise: Client SSL Certificate Support and Scanner Agent Affinity

Are there plans to implement client certificate authentication (PKCS12 and PKCS11) options/support into Burp Suite Enterprise matching the capabilities of the Pro...

Last updated: Dec 02, 2019 01:01PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp XML Parser Functionality in Extender API

Hi, I posted another question in the Customer Portal (found here: https://support.portswigger.net/customer/portal/questions/17672747-xml-tab-reparse-programmatically ) regarding the XML "Reparse" functionality available...

Last updated: Dec 02, 2019 11:21AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

websockets 'Send to' repeater & intruder

More and more of the Web apps I am pen-testing rely on Websockets for their main communication channel, and vector for XSS/sql-injection/CSRF etc. This would be very helpful if the functionality existing that exists for...

Last updated: Nov 27, 2019 08:59AM UTC | 7 Agent replies | 13 Community replies | Feature Requests

Page 4 of 28

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image