Burp Suite User Forum

Evaluating Burp Enterprise by scanning real-time projects

Hello, I have been evaluating Burp ENT beta version for more than two weeks. I did scan some dummy and local websites (comparatively small). Everything went smoothly. But when I tried scanning for an actual...

Last updated: Dec 14, 2018 06:28AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Support Center Bug Reports

Can we get email notifications when someone replies to a bug report? It's pretty annoying to get back to the site until someone replied, and then having to look for the issue again. Thanks, Luca

Last updated: Dec 13, 2018 11:23AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Collaborator further protocols

Hi Burp Team, The burp collaborator is an awesome tool, I often use other protocols on top of HTTP/S and SMTP/S when testing SSRF and XXE however. Do you plan on supporting FTP/S or other protocols? As a dirty hack, one...

Last updated: Dec 06, 2018 09:08AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Enforce sending of TLS client certificate

When configuring a TLS client certificate in Burp, it is only used when the server requests it in the TLS handshake. However, it would be very helpful if there would be a checkbox, which enforces usage of the TLS client...

Last updated: Dec 03, 2018 11:47AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

OWASP Top 10 updated (2017)

OWASP TOP 10 has been revised for 2017... notably there are 3 new vulnerabilities listed; A4 - Broken Access Control, A7 - Insufficient Attack Protection, and A10 - Underprotected APIs. When do you plan on updating your...

Last updated: Nov 28, 2018 10:11AM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Support CWE ID in reports

Like other professionals, we use CWE to classify vulnerabilities. In our case we try to use several tools and correlate vulnerabilities in this way. Thanks to that we can create custom reports using our description of...

Last updated: Nov 23, 2018 11:52AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Security standards

Are the vulnerabilities identified classified to any security standards (OWASP/CWE)? Also, does the latest scanner cover all the OWASP 2017 top 10 vulnerabilities?

Last updated: Nov 23, 2018 11:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Built in Scripting Language

So that a tester can script requests and responses on the fly without the pain of writing custom extensions. Extensions are awesome, but sometimes the timeframe is very limited, kicking the "write an extension for this" out...

Last updated: Nov 20, 2018 09:57AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Is there any way to automatically resend requests with 5xx status in the Intruder module?

Is there any way to automatically resend requests with 5xx status & "no response" in the Intruder module? I always have to manually resend 100k or more requests with 5xx status or "no response" after 10m requests. Which is very...

Last updated: Nov 08, 2018 10:25PM UTC | 2 Agent replies | 4 Community replies | Feature Requests

Per-Extension IRequestResponse Comment

Adding a comment to an IRequestResponse object can be useful for a number of things. However, not all extensions consider that this is a shared field and may overwrite values set by other extensions. A solution to this may...

Last updated: Nov 06, 2018 02:22PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add duplicate token detection to Sequencer

I was recently working on a badly broken app that had home rolled session tokens (never a good thing). The token entropy was so bad that there were even duplicates in the sequence. Now, whilst this is the kind of thing...

Last updated: Nov 01, 2018 11:48AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Allow custom color highlighting

I like the color highlighting of requests in the proxy http history, but the hard-coded colors are mostly too bright/vibrant. It would be nice to be able to use a custom color so I can use softer colors.

Last updated: Nov 01, 2018 08:09AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Getting the time when a request was made

Let me put this straight. I have configured burpsuite proxy and everything correctly. How do I find the exact time and date a request was made? For example when I go to www.google.com, I want burpsuite to show me...

Last updated: Oct 30, 2018 10:45AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Search among extensions

Hi! The BApp Store currently includes nearly 200 extensions. When having a specific need, I systematically go to the Web version (https://portswigger.net/bappstore) and Ctrl+F the page. That requires Internet access, breaks...

Last updated: Oct 26, 2018 11:54AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Dark theme

Hi! Hackers love to hack by night. And our eyes are so fragile... To be short: I can't wait testing 2beta10 and its new dark theme :-D https://twitter.com/Burp_Suite/status/1055436883805827073 Looking forward!!

Last updated: Oct 26, 2018 11:21AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Site map - Filter by Tools

In the Site Map tree, I can see many payloads (in folder and file names) which were used by Active scanner (alone, or by some extension during the Active Scan). Such payloads are: %00grqjw%22a%3d%22b%22sc35f %00prompt(1)...

Last updated: Oct 25, 2018 12:26PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Integrate Burp with TFS build

Hello, Kindly I would like to know if we can integrate Burp with Microsoft Team Foundation Server (TFS) or if we can integrate the test result into TFS. Also, is it possible to run the test as continuous integration? Thanks...

Last updated: Oct 25, 2018 09:54AM UTC | 6 Agent replies | 6 Community replies | Feature Requests

Extend SQL recognition to responses

The Active scanner in Burp already identifies SQL statements within queries as potential SQL injection vulnerabilities. However, some applications log the executed SQL statements in the HTML output as comments or in an HTML...

Last updated: Oct 19, 2018 02:53PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Double click to open existing project

It's a commonly implemented UI pattern that when a dialog has a list that you can select elements from and a button to commit to that selection, double clicking an element on the list performs both actions (selecting the...

Last updated: Oct 19, 2018 08:17AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

How to capture Windows-based authentication application

Hi, how to capture Windows-based authentication application? Thanks, Anju.

Last updated: Oct 19, 2018 06:56AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Suite Support Center

Your source for help and advice on all things Burp-related.
