Feature Requests - Page 40 - Burp Suite User Forum

Adding certificates to the trust store in order to get Burp updates

Would it be possible to add something in the user options in Burp to add a certificate to the trust store? In some environments in order to reach the internet you must go through a proxy and sometimes that proxy is...

License exhausted after trying MAC OS BIG SUR

I am unable to use my license after formatting my Macbook on multiple times after trying new operating systems.

Academy Request

Hello, I just wanted to mention how much I you guys had a suggested learning path for beginners. I love the learning but I just often don't know where I should go? I started with sqli but now I'm kindof lost and not sure...

Possibility to add some extra HTTP header to DAST request - Burp Enterprise

Hi, We already have the possibility to add some extra HTTP header to Burp Pro request but not with Burp Enterprise. We need this to bypass some Captcha in our preproduction environment in order to be able to scan all our...

"Simulate login" button

Hi, would it be possible, for the new recorded login, to click on "simulate" or something similar? So that the Chromium browser would start, and perform the login so that we can be sure it is working without problems. At...

Bruteforce with CSRF login protected

Hi, We cannot bruteforce login that protected with CSRF Tokens for each login. So, the new feature request is to bruteforce with new request every time (bruteforcing where it grabs new tokens each request)

CMS and Library Vulnerabilities

Goodmorning, For a year we have been using burpsuite enterprise to verify the security of our web applications. Unfortunately we must note that the product does not provide information about libraries and CMS used by the...

My name and company name change PLZ

My name is lee hanki. This is the name of the person in charge of the business you did business with, so please change it Please change the company name as well. The company name is korea east-west power.

Resume crawl+audit after (incomplete) crawl+audit is completed

Hi, Could you add some "Resume" Crawl after Audit complete option? For example, if I set limit of Crawl to 300 minutes (default), then Burp says "Crawl aborted due to time limit exceeded". Therefore, maybe Crawl would...

Content Discovery Response Regex Filtering

Since a lot of WAFs will return 200s instead of 404s for not found, can you add a regex option to filter responses found? For example, if the response matches the regex, then drop/ignore it so it doesn't clutter the Site...

Add online documentation on IAST

Hi, you have a very nice article on OAST https://portswigger.net/burp/application-security-testing/oast Could you please make something similar with IAST? Since you have Infiltrator, but it doesn't have a proper article,...

Option to enable/disable automatic row shifts in repeater/intruder tabs

This is regarding the issue raised by paul https://forum.portswigger.net/thread/repeater-tab-changes-b9afea531603652 Say current repeater window has 31 tabs as I'm testing an API and each tab is a call. I've named them...

REST API - Crawl Only

Hi Burp Team, I would like two additional REST API endpoints that support crawl only functionality, mirroring the v2 UI. E.g. /crawl and /crawl/<taskid> Are there any plans to release this functionality in...

Target - Sitemap - Highlight branch with color

Dear PortSwigger team, is it possible to include a feature to highlight a branch with a specific color in the Target/Sitemap/ panel? Thank you

Renaming Configuration name

Hi, I would love to retain old name of Configuration I chose prior to editing, or being able to set a new one. When I create an Audit configuration like "Audit only parameters", but I want to tweak it on-the-fly (e.g. by...

Intercept Turned On - Requests Not Captured on Proxy But Captured In Http History

Please note that the "Intercept" button is turned on & the Portswigger cert was imported into the browser. When using burp suite, sometimes the requests are not shown in the proxy tab but instead it's captured in the http...

Macro editor improvements

Hi, when debugging Macros, I need to remove/re-record macros many times until they are properly fine-tuned. Would it be possible to add enable/disable check-boxes for individual requests in Macro Editor? That would greatly...

Duplicate button in upstream proxy

Hi, could you please add "Duplicate" functionality for upstream proxies? Usually most of the destination hosts have identical proxy settings, and right now I need to copy+past everything multiple times. Thanks:)

No more activations allowed for this license.

Dear team, I just migrated from windows laptop to another archlinux laptop, i activated license twice in windows and vm on the host. When i tried to activate burp pro in arch, it showed the issue 'No more activations...

highlight strings in modified request

I know that there is a comparer for this, but it would be quite useful if in the same proxy highlight the modified char/bin when you intercept. I want to add that the new selection of modified request makes it...