Burp Suite User Forum
As our sites have had to limit SSL and support robust ciphers we have been receieveing "javax.net.ssl.SSLException' errors . To get around this issue we have Proxy chained ZAP proxy. ZAP proxy works because SSLv2...
Hi, Could the new Dynamic analysis tab have the same features as the Request and Response tabs? 1. The ability to search. 2. Payload nonce highlighting. Thanks, Ryan
Team, You should consider adding a functionality to stop the Scan in the Enterprise Edition.
I'd like to see Burp Suite Pro available on Chocolatey, which I am using along with puppet to manage software installations for our Windows 10 laptops at my company.
Is there any update on when Burp 2 will be out of beta. I would love to move to using this version of the application but my company won't move forward with it while it says Beta in the name.
Hey Guys, I have 2 questions regarding charset support in the Content-Type header of a request. This relates to Burp community edition version v1.7.36 1. When charset is set to UTF-16 BE BOM, Burp seems to properly...
Hi Team, During my security testing using Burp suite, I felt this feature would be very helpful hence requesting your help in adding this in the upcoming versions. Requested feature is as follows: Under proxy...
Hi Team, I am from Mindtree and we have recently purchased two burpsuit desktop licenses. details provided below. Now one of the license should be transferred to out of Mindtree user. As per license terms can we transfer....
Could you add a filter to the HTTP History tab allowing selection of only edited requests/responses? Also would it be possible to make the comment column in the HTTP History table editable so that you don't have to use...
Hello. Please, add this features. 1) Add creation of a scheduled scan through api 2) Auto creating jira tasks based on the level of criticality and the choice of the jira project, depending on the url or name scan....
Hello, I use Burp scanner regularly and I observed two issues with reflected XSS detection. 1. Sometimes, burp sends the XSS payloads without URL encoding and reports the reflection as XSS. However, all major...
Hello, Certain sites check the Referer HTTP header for CSRF protection, but accept request without Referer in order to avoid breaking functionality. One general method to strip the Referer header is to use a <meta...
Burp Suite Enterprise Edition v1.0.14beta can not download update files throught proxy (downloading stops after ~5 minutes). We have already check our proxy, all works fine. Also i can not install update via .zip file.
Sounds like a silly feature, but I have to redact passwords and other stuff in screenshots all the time. It would be hella cool if Burp had a redaction option so I don't have to fire-up a photo editor. It would save HOURS...
This is only possible for requests passing thru proxy but not when conducting automated scanning. Thanks!!
I would like the ability to review JSON parameters within the Analyze Target feature. This would be highly beneficial when testing API's.
When I have a name of the cookie which is changing with different sessions (cookie name is dynamic as well), Burp stores each new name in the cookie jar and then sends it within the requests. Within a session management,...
Hello, Authorization checks with Burp could be faster if it was possible to have multiple creds, with checkboxes, for a same host in Platform Authentication. You'd be able to do your tests using creds A then uncheck them...
BURP 2.0.18Beta issued a finding about our site's SSL certificate. I believe it found a seeming inconsistency between the "alt" DNS names allowed by the certificate and the host name. But the site presents a different,...
I'm trying to do active scanning on my current test but I've got a problem that the login session occasionally dies for no apparent reason and when it does this in the middle of a scan the results from that point on are...
Page 48 of 66
Your source for help and advice on all things Burp-related.