Feature Requests - Page 47 - Burp Suite User Forum

web security academy development

i suggest to add discussion for each lab in web security academy it will be very helpful for example in lab (User ID controlled by request parameter with data leakage in redirect) which details is( This lab contains an...

Burp Professional and Burp Enterprise tool limitations

I am using Burp Enterprise Version: 2020.1-2902, Java version: 9.0.4 and Burp Professional v2.1.04 and I am not getting the same result from both the tools. Could you please provide me the tool Limitations for both.

HTTP/2

The ReSearcher asking HTTP/2 support but Burp didnt add this feature in last 5 years. UnLucky..

Burp 2: Scan Next

Hi, I noticed that "Scan next" is no longer there with Burp 2.1.07. Would it be possible to add it, or some similar Priority-based handling of Items in the Scan Queue?

Filter by highlight color in history tab under proxy

Hello , It would be a useful feature to have a filter based on different colors available for highlighting. One can categorize while testing and then while writing reports , find requests / responses quickly...

Meaning of the 'Edited' column in 'Proxy / HTTP history'

Hello, from my experience as a trainer, the meaning of the 'Edited' column in 'Proxy / HTTP history' is quite often misunderstood. In fact, students' expectations are coherent, they just don't match the design choices...

WS-Security (WSS)

Please support OASIS Web Services Security (WSS), or short: WS-Security - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss Soap UI for example already fully supports it:...

XSS into Java Script

Hello, I have a question again. About context into JavaScript, "Terminating the existing script" I understood. The question appears when I go to the lab for practice, >>Reflected XSS into a JavaScript string with single...

XSS contexts / XSS in HTML tag attributes

Hello. I am learning about XSS as you can see, and I can’t understand a little bit about that scriptable context: " autofocus onfocus=alert(document.domain) x=" , I understand what autofocus and onfocus do, but I have no...

Extender callback to add a column to Proxy/Intruder/etc results

Hi, Sometimes it would be useful to have a custom column when displaying history/results - especially for Intruder, but also for Proxy History. This would allow things like Content Length to be shown (vs Length), plus other...

Requestin to reset a lab

Hello there i have somehow messed up a lab which is click jacking ui thing. Please do rest the first lab of it.

Disable Http Trace Method

Dear Team, Even though i am disabling HTTP Trace method using the Approach mentioned under Issue definition sub tab under Target Tab, but still our burp tool is listing that method as allowable , please suggest any...

Multi-Payload encoding rules and Encoding options for Scanner

Hi, It would be nice if you could add support for encoding rules in intruder or scanner. This need comes from many websites where base64 encoded JSONs are used to transfer information between the client and the backend....

Multiply scans at once with Burp Enterprise

I would like to know if there's an option to load multiple/bulk web URLs and schedule scans for multiple/bulk web URLs. If there's an API for this, could you point me to it?

Severity / Confidence Labeling - add option of CONFIRMED

When right clicking on an issue, is there any way can you add an additional option of "Confirmed" to the "Set Confidence" menu? (Maybe with a check-mark icon and different colored circle based on severity?) Just as you've...

Allow individual scan audit items to be paused.

I often find myself having to cancel and re-scan an individual audit item when it is slowing down the scan. It would be a great if individual items could be paused and restarted later during the scan.

Any access with proxy

Hello, the proxy doesn't work on any computer for me. I have followed the instructions given on your site (burp, browser and certificate configuration). I tried using it on a Mojave Mac OS, Windows 8.1 and Debian 18.04...

Add "Search Bapp Store" Box

The Burp App Store is growing and there are many new additions from last year even. How about a search box that scans the names and description files to filter down the list. So, CSRF will display plug-ins that contain...

Burp Enterprise: Client SSL Certificate Support and Scanner Agent Affinity

Are there plans to implement client certificate authentication (PKCS12 and PKCS11) options/support into Burp Suite Enterprise matching the capabilities of the Pro...

Burp XML Parser Functionality in Extender API

Hi, I posted another question in the Customer Portal (found here: https://support.portswigger.net/customer/portal/questions/17672747-xml-tab-reparse-programmatically ) regarding the XML "Reparse" functionality available...