Feature Requests - Page 45 - Burp Suite User Forum

Filter by highlight color in history tab under proxy

Hello , It would be a useful feature to have a filter based on different colors available for highlighting. One can categorize while testing and then while writing reports , find requests / responses quickly...

Meaning of the 'Edited' column in 'Proxy / HTTP history'

Hello, from my experience as a trainer, the meaning of the 'Edited' column in 'Proxy / HTTP history' is quite often misunderstood. In fact, students' expectations are coherent, they just don't match the design choices...

WS-Security (WSS)

Please support OASIS Web Services Security (WSS), or short: WS-Security - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss Soap UI for example already fully supports it:...

XSS into Java Script

Hello, I have a question again. About context into JavaScript, "Terminating the existing script" I understood. The question appears when I go to the lab for practice, >>Reflected XSS into a JavaScript string with single...

XSS contexts / XSS in HTML tag attributes

Hello. I am learning about XSS as you can see, and I can’t understand a little bit about that scriptable context: " autofocus onfocus=alert(document.domain) x=" , I understand what autofocus and onfocus do, but I have no...

Extender callback to add a column to Proxy/Intruder/etc results

Hi, Sometimes it would be useful to have a custom column when displaying history/results - especially for Intruder, but also for Proxy History. This would allow things like Content Length to be shown (vs Length), plus other...

Requestin to reset a lab

Hello there i have somehow messed up a lab which is click jacking ui thing. Please do rest the first lab of it.

Disable Http Trace Method

Dear Team, Even though i am disabling HTTP Trace method using the Approach mentioned under Issue definition sub tab under Target Tab, but still our burp tool is listing that method as allowable , please suggest any...

Multi-Payload encoding rules and Encoding options for Scanner

Hi, It would be nice if you could add support for encoding rules in intruder or scanner. This need comes from many websites where base64 encoded JSONs are used to transfer information between the client and the backend....

Multiply scans at once with Burp Enterprise

I would like to know if there's an option to load multiple/bulk web URLs and schedule scans for multiple/bulk web URLs. If there's an API for this, could you point me to it?

Severity / Confidence Labeling - add option of CONFIRMED

When right clicking on an issue, is there any way can you add an additional option of "Confirmed" to the "Set Confidence" menu? (Maybe with a check-mark icon and different colored circle based on severity?) Just as you've...

Allow individual scan audit items to be paused.

I often find myself having to cancel and re-scan an individual audit item when it is slowing down the scan. It would be a great if individual items could be paused and restarted later during the scan.

Any access with proxy

Hello, the proxy doesn't work on any computer for me. I have followed the instructions given on your site (burp, browser and certificate configuration). I tried using it on a Mojave Mac OS, Windows 8.1 and Debian 18.04...

Add "Search Bapp Store" Box

The Burp App Store is growing and there are many new additions from last year even. How about a search box that scans the names and description files to filter down the list. So, CSRF will display plug-ins that contain...

Burp Enterprise: Client SSL Certificate Support and Scanner Agent Affinity

Are there plans to implement client certificate authentication (PKCS12 and PKCS11) options/support into Burp Suite Enterprise matching the capabilities of the Pro...

Burp XML Parser Functionality in Extender API

Hi, I posted another question in the Customer Portal (found here: https://support.portswigger.net/customer/portal/questions/17672747-xml-tab-reparse-programmatically ) regarding the XML "Reparse" functionality available...

[Burp Enterprise] Configure scan_callback from the web UI

Hi, We would find useful being able to set the scan_callback property allowed by the API when manually configuring scans from the web UI. Is it possible / is it on the roadmap? Thanks, Javi

Match and Replace

Hi, I think that a useful feature in tab Proxy --> Options --> Match and Replace can be the possibility to Duplicate a role. Thanks, Lorenzo

Need to extend logging mechanism in burp.

Hello, If someone wants to save logs of all requests for external use the only known for me method is to use Project options -> Misc -> Loggiing. It's because there is no any library (as far as I know) for parsing...

Sort Extensions

In the 'Extender' tab, under 'Extensions' it would be useful to be able to sort the extensions by 'Loaded', 'Type', or 'Name'. For example, when clicking the column title.