Feature Requests - Page 41 - Burp Suite User Forum

OAuth authentication

At the moment, burp enterprise does not support Authenticated scanning with OAUTH and SSO. Going forward it is good to have a login sequence recorder to overcome such issues

I've seen that many softwares have IAST tools like Infiltrator (AcuSensor, WebInspect Sensor, etc) and many support only .net and java backends except for AcuSensor that has PHP support too. What about adding support for...

Contributing to the Academy ??

I was recently going over some labs, more specifically XXE. I was wondering can I add to that, or maybe suggest some new ideas. I was thinking of something a little more complicated, something that really makes you think and...

CSRF Generator Doesn't work

Today i attempted a CSRF attack using the generator however turns out that document.forms[0].submit() Doesn't work, it did not submit the request. So i tweaked the code a bit to the following: ...

Vertical / Horizontal / Combined Layout View for Session Handling Tracer?

Could you please add the new buttons for Vertical / Horizontal / Combined View also to the Session handling tracer functionality?

multiple tabs proxy history and highlight requests with regex

It would be a good idea to have multiple proxy history windows with different scopes and the ability to highlight requests using regular expressions

Navigation & View.

May we have ability to open any tab in new window?

More compact display for new HTTP editor

I like the changes in the new HTTP editor, but it would be really nice if there was an option to make the new UI elements a little more compact. In repeater, you now have: The Send/Cancel/Target bar The icons to change...

Search feature for named repeater tabs

Hi there, I generally create a lot of Repeater tabs, and the possibility to name these tabs is really useful. In addition to that, a search feature for the tab names would be great, since it (quicly) becomes tedious to...

HTTP message editor layout for other tools

Hi, v2020.9 is a perfect update:) could you please add HTTP message editor layout options for "Issues", "Issue Activity", "Intruder Attack X" as well? Thanks:)

BurpSuite Pro support for Open JDK

Hi, Does burpsuite pro support open jdk? if yes, which version? Also please let me know if it support any open source java zulu Open JDK?

Screenshot capability | Aquatone equivalent - Extender or Intruder

Can you implement a feature similar to Aquatone in Burp suite? (Aquatone is basically a screenshot taking application written in Go-lang) During my initial recon of a target, I have used Burp Intruder and the "Response"...

Double click on Request or Response tab in the Target View for full screen view

When I double click on the Request or Response tab in the Target View, I would like to see this tab in full screen to better read the contents.

Option to ask to keep previous settings during upgrade

I'm using latest version of BurpSuitePro executable on windows 10 system on an external monitor with 125% scaling. In order for BurpSutePro to scale properly on my computer I have to modify the C:\Program...

Web Server/Application Analyzer

Hi, I know there are some extentions that analyze http headers and contents (like vulnerability software reporter or http headers analyser), but what about a built-in analyzer to adapt burp payloads/engine to web...

Burp Repeater Request

Hi there, For the burp repeater, is there a way to show the request vertically instead of horizontally, just like owasp zap proxy. Request Response instead of Request | Response. On top of which, is it possible...

Feature request regarding the Lab.

If I may request a "Prototype Pollution" category for our Lab. Naturally PortSwigger stays ahead of competition, and is always on point with it's research, and because of that reason I've found it strange that such popular...

Slow Loris Test in BURP?

Hello, Do you think you will add a Slow Loris Test feature ? Regards

Pre-defined extension list

Hi, I don't know if it has been suggested before, but a nice feature would be some way to load some extensions by default (like a whitelist/allowlist). Like I would to load by default "content type converter", "logger++"...

Target Site in the Intruder

Hi, Is it possible to add the option to change the target site in the intruder, to be able to set a payload set for it as well?