Feature Requests - Page 42 - Burp Suite User Forum

Detect UTF-8 encodings in Content-Type header

Currently request body and response body is decoded with Latin-1, inferred from question 17199168. The "Latin-1" is very ambiguous, but here I suppose "code page 1252" is referred to. According to HTTP standard, if...

content discovery API access?

Hello, I'm working on a project where I'd like programmatic access to the Content Discovery tool. On another thread I read this agent's response: "There isn’t currently any way to use Burp’s own Content Discovery...

What is the role of divis in this script?

We have this script, " '-alert(1)-' ". I tried to execute this script in lab without "-" and it didn't work. So I searched about it, but didn't find anything interesting to make it clearer for myself. Why is divis...

web security academy development

i suggest to add discussion for each lab in web security academy it will be very helpful for example in lab (User ID controlled by request parameter with data leakage in redirect) which details is( This lab contains an...

Burp Professional and Burp Enterprise tool limitations

I am using Burp Enterprise Version: 2020.1-2902, Java version: 9.0.4 and Burp Professional v2.1.04 and I am not getting the same result from both the tools. Could you please provide me the tool Limitations for both.

HTTP/2

The ReSearcher asking HTTP/2 support but Burp didnt add this feature in last 5 years. UnLucky..

Burp 2: Scan Next

Hi, I noticed that "Scan next" is no longer there with Burp 2.1.07. Would it be possible to add it, or some similar Priority-based handling of Items in the Scan Queue?

Filter by highlight color in history tab under proxy

Hello , It would be a useful feature to have a filter based on different colors available for highlighting. One can categorize while testing and then while writing reports , find requests / responses quickly...

Meaning of the 'Edited' column in 'Proxy / HTTP history'

Hello, from my experience as a trainer, the meaning of the 'Edited' column in 'Proxy / HTTP history' is quite often misunderstood. In fact, students' expectations are coherent, they just don't match the design choices...

WS-Security (WSS)

Please support OASIS Web Services Security (WSS), or short: WS-Security - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss Soap UI for example already fully supports it:...

XSS into Java Script

Hello, I have a question again. About context into JavaScript, "Terminating the existing script" I understood. The question appears when I go to the lab for practice, >>Reflected XSS into a JavaScript string with single...

XSS contexts / XSS in HTML tag attributes

Hello. I am learning about XSS as you can see, and I can’t understand a little bit about that scriptable context: " autofocus onfocus=alert(document.domain) x=" , I understand what autofocus and onfocus do, but I have no...

Extender callback to add a column to Proxy/Intruder/etc results

Hi, Sometimes it would be useful to have a custom column when displaying history/results - especially for Intruder, but also for Proxy History. This would allow things like Content Length to be shown (vs Length), plus other...

Requestin to reset a lab

Hello there i have somehow messed up a lab which is click jacking ui thing. Please do rest the first lab of it.

Disable Http Trace Method

Dear Team, Even though i am disabling HTTP Trace method using the Approach mentioned under Issue definition sub tab under Target Tab, but still our burp tool is listing that method as allowable , please suggest any...

Multi-Payload encoding rules and Encoding options for Scanner

Hi, It would be nice if you could add support for encoding rules in intruder or scanner. This need comes from many websites where base64 encoded JSONs are used to transfer information between the client and the backend....

Multiply scans at once with Burp Enterprise

I would like to know if there's an option to load multiple/bulk web URLs and schedule scans for multiple/bulk web URLs. If there's an API for this, could you point me to it?

Severity / Confidence Labeling - add option of CONFIRMED

When right clicking on an issue, is there any way can you add an additional option of "Confirmed" to the "Set Confidence" menu? (Maybe with a check-mark icon and different colored circle based on severity?) Just as you've...

Allow individual scan audit items to be paused.

I often find myself having to cancel and re-scan an individual audit item when it is slowing down the scan. It would be a great if individual items could be paused and restarted later during the scan.

Any access with proxy

Hello, the proxy doesn't work on any computer for me. I have followed the instructions given on your site (burp, browser and certificate configuration). I tried using it on a Mojave Mac OS, Windows 8.1 and Debian 18.04...