Feature Requests - Page 48 - Burp Suite User Forum

[Burp Enterprise] Configure scan_callback from the web UI

Hi, We would find useful being able to set the scan_callback property allowed by the API when manually configuring scans from the web UI. Is it possible / is it on the roadmap? Thanks, Javi

Match and Replace

Hi, I think that a useful feature in tab Proxy --> Options --> Match and Replace can be the possibility to Duplicate a role. Thanks, Lorenzo

Need to extend logging mechanism in burp.

Hello, If someone wants to save logs of all requests for external use the only known for me method is to use Project options -> Misc -> Loggiing. It's because there is no any library (as far as I know) for parsing...

Sort Extensions

In the 'Extender' tab, under 'Extensions' it would be useful to be able to sort the extensions by 'Loaded', 'Type', or 'Name'. For example, when clicking the column title.

Refine Collaborator Everywhere headers

Hi I ran into an assessment where the application used the "Referer:" header for portions of how the application worked. This became more noticeable when using the applications "Back" button feature. In order to use Burp...

Connection tracking on low level request

Hello, I would like to have a feature to track all connection requested on the proxy (at low level). Currently via Burp it's not possible to have a list of request executed via BURP but not handled correctly. For...

Burp 2: Application Login - credentials test button

Hi, I love the new Application Login. Would it be possible to have a Test/Try button there? After clicking on this button, the new Chromium rendering view could be opened, showing the page after successful login (or better...

Burb Target Tab Grouping

Add an option to group targets by parent domain, like: a.test1.com b.test1.com c.test1.com a.test2.com b.test2.com c.test2.com Currently, they are only sorted by the full...

Web Security Academy - Show Unfinished

Good Afternoon, It would be very nice to have a way to filter out all of the completed sections and only see what's left to be done. I completed 100% of the labs and content shortly after it was released. A short...

Automatically Scan

Hi everyone, I'd like to do an authenticated scan of a site. The problem is that authentication takes place on a domain other than my scope. How can I perform the authenticated scan of my scope ? Thank you very much

Ignore 302's in "Discover content" tool

I *love* the Discover content tool, and use it a lot. Unfortunately, on several jobs I've run into the issue where the web server was configured to respond with 302 instead of 404 when a non-existent URL path was...

Add dark mode to burp suite community editon

For windows 10 make so it adapts to system settings

Intercepting AMF requests

I'm facing big time problem with Burp not able to intercept any AMF requests.Is there any condition that would help burp to intercept them? PS; All other requests from the same web application is passing through burp...

Pause Proxy/HTTP history scrolling

I'd like to be able to pause scrolling on the Proxy/HTTP history tab. I'm looking back through hits but the site does polls for data every 10 seconds so the list is constantly moving. I know I could filter out the polls...

Burp Collaborator SMTP/S follow hostname resolution set in project options

I would like to see SMTP/S Connection Heath Checks for Burp Collaborator listen to the Hostname Resolution settings in Project Options > Connections. Right now it seems to follow for HTTP & HTTPS requests but not for...

Wildcard support Hostname Resolution

I would love to be able to have wildcard * support for the Hostname Resolution settings in Proxy Options > Connections.

Scanner / Scan configuration / View (or edit) built-in configuration from library

The built-in scanner configuration available in the library look nice but I would like to view the exact settings they contain, before deciding to use them or create my own. Maybe you could re-use the UI to create new scan...

Burp Collaborator Enhancement Requests

When performing manual testing, it's not possible to detect out-of-band interactions which occur after the Burp Collaborator Client is closed. This means payloads that are fired weeks or months later are not detected (even...

BurpSuite Professional Activation Limit

I am trying to install BurpSuite Licensed version from 1 system to another, after uninstalling it on the previous one. But I am getting a maximum activation limit error when I am trying to activate the same on the 2nd...

Can you re-enable the Burp state file in Burp v2?

Dear Portswigger support team, The latest version of burp is creating gigantic files. Can you re-enable the Burp state file export option in Burp V2? That would save a lot of space on tester's machine without losing...