Burp Suite User Forum

Login to post

OWASP

Some of our client like to map issue to known standards. Is there anyway to correspond the vulnerability with OWASP top 10 number (if it relates to it).

Last updated: Dec 31, 2015 02:56AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Intruder Dates payload: extend functionality to include times

The helpfulness of this payload when fuzzing a date/time parameter is automatic handling of the wrapping of values back to 1 when appropriate (i.e., avoid March 32nd). Extending the Dates payload with time components (down...

Last updated: Dec 22, 2015 06:54PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Improve flexibility of Proxy Match and Replace

There are already a couple of requests to handle specific use cases of conditional Match and Replace that were declined -- and I have my own use case as well -- but I'd like to suggest a couple of generic options that could...

Last updated: Dec 22, 2015 01:23PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Numbers Intruder payload: add an option to request all in a range randomly instead of sequentially

.

Last updated: Dec 17, 2015 07:02PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Remember setting for "Request in Browser: current/original session" In future just copy and skip

It would be nice if there was a permanent setting for "in future just copy and skip dialog." Bonus points for hotkeys for original/current session. Thanks for BSP...

Last updated: Dec 16, 2015 05:51AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

force update check

Already posted here and then noticed, this is the new way to do it. http://forum.portswigger.net/thread/1686/force-update-check Current situation/problem: Burp only checks for new versions on startup. So when you can...

Last updated: Dec 15, 2015 08:00PM UTC | 3 Agent replies | 3 Community replies | Feature Requests

Map findings to OWASP and WASC Threat Classification v2.0

Every finding should be mapped to OWASP at a minimum. Every effort should be made to also map to WASC Threat Classification v2.0: http://projects.webappsec.org/w/page/13246978/Threat%20Classification

Last updated: Dec 13, 2015 08:51PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

New and updated findings

Scanner > Issue definition: Delete: Type index Add: Creation date Add: Modification date

Last updated: Dec 13, 2015 08:45PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Show start/finish time of each item in the 'Scan queue'

I know there is logging available but this feature would be useful as another column

Last updated: Dec 02, 2015 02:21PM UTC | 2 Agent replies | 0 Community replies | Feature Requests

Burp Suite would be more useful if the software provided a server running version

Potentially a web interface, so that it could sit on a test server as a stub, with the ability to inspect and reject packet history. The ability to only inspect the UI locally makes it limited in usefulness for sitting in...

Last updated: Nov 30, 2015 02:34PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

How do I avoid referer header

I am using burp to check the security level of our web application. But my application usually checking referer header. If this header is changed, session will be time out. So, how do I test my web application except for...

Last updated: Nov 27, 2015 08:44AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Error Output

Hi, I'm abend. Burp didn't start installing bapp store's item , because I mistook bad proxy setting. I want to output errorlog on Alerts tab that it can't install. regards

Last updated: Nov 22, 2015 06:50AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Support base64 for bit flipper payload

Currently the bit flipper payload can handle ASCII hex or literal values, but often I want to flip bits in a base64 payload. It would be super nice if this were built in!

Last updated: Nov 20, 2015 11:21AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

multi instances with one user license on the same machine

using different projects and different Burp instances for each target. with one user license, on the same machine.

Last updated: Nov 16, 2015 09:13AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add an option to disable any local domain name resolution when an upstream proxy is being used

For more information see https://support.portswigger.net/customer/portal/questions/12807053-burp-triggers-dns-queries-despite-using-an-upstream-proxy

Last updated: Nov 11, 2015 10:12AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

API Support for repeater & Sequencer

http://forum.portswigger.net/thread/1117/api-sequencer As per your response for API support for Sequencer, it wasn't on the roadmap back in July 2014. Any updates on when this would be available? On a Similar note, do...

Last updated: Oct 30, 2015 01:11PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Decoder - URL decode special characters only

I would like to have the option to decode only the special (or non-alphanumeric) characters in a string. This is commonplace in URL parameters. The decoder seems to only decode/encode ALL characters in the string.

Last updated: Oct 25, 2015 09:56AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Change example.com mail domain in the scanner

The scanner injects the "example.com" domain in a lot of requests. Especially in contact forms it would come in handy to have this customisable to another domain. The solution would be to give a user the option to change...

Last updated: Oct 07, 2015 07:45AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Merge audit results from scans

It would be nice if we could merge results from ongoing scans, similar to static analysis results like fortify or checkmarx, such that we don't have to re-look at false positives that have previously been audited as such.

Last updated: Oct 07, 2015 07:42AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Make filter input field red when active

Hi, I have a small, but potentially time saving request: Could you please make the filter input field in the Target and Proxy tabs turn red when a filter is active? This is purely a visible indication to show the user...

Last updated: Sep 25, 2015 12:53PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Page 41 of 44

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image