Feature Requests - Page 48 - Burp Suite User Forum

Use BouncyCastle library to eliminate javax.net.ssl.SSLException errors in Burp

As our sites have had to limit SSL and support robust ciphers we have been receieveing "javax.net.ssl.SSLException' errors . To get around this issue we have Proxy chained ZAP proxy. ZAP proxy works because SSLv2...

Dynamic analysis tab improvements

Hi, Could the new Dynamic analysis tab have the same features as the Request and Response tabs? 1. The ability to search. 2. Payload nonce highlighting. Thanks, Ryan

Add a functionality to stop the Scan in the Enterprise Edition

Team, You should consider adding a functionality to stop the Scan in the Enterprise Edition.

Burp Suite Pro Edition on Chocolatey

I'd like to see Burp Suite Pro available on Chocolatey, which I am using along with puppet to manage software installations for our Windows 10 laptops at my company.

Burp 2 stable.

Is there any update on when Burp 2 will be out of beta. I would love to move to using this version of the application but my company won't move forward with it while it says Beta in the name.

HTTP request charset support.

Hey Guys, I have 2 questions regarding charset support in the Content-Type header of a request. This relates to Burp community edition version v1.7.36 1. When charset is set to UTF-16 BE BOM, Burp seems to properly...

Additional Column request in the Proxy Listeners

Hi Team, During my security testing using Burp suite, I felt this feature would be very helpful hence requesting your help in adding this in the upcoming versions. Requested feature is as follows: Under proxy...

Burpsuite desktop license transfer

Hi Team, I am from Mindtree and we have recently purchased two burpsuit desktop licenses. details provided below. Now one of the license should be transferred to out of Mindtree user. As per license terms can we transfer....

HTTP History - Filter on Edited Requests

Could you add a filter to the HTTP History tab allowing selection of only edited requests/responses? Also would it be possible to make the comment column in the HTTP History table editable so that you don't have to use...

Add scheduled scan through api and auto creating jira tasks

Hello. Please, add this features. 1) Add creation of a scheduled scan through api 2) Auto creating jira tasks based on the level of criticality and the choice of the jira project, depending on the url or name scan....

False positives in XSS findings

Hello, I use Burp scanner regularly and I observed two issues with reflected XSS detection. 1. Sometimes, burp sends the XSS payloads without URL encoding and reports the reflection as XSS. However, all major...

Referer strip for CSRF PoC generator

Hello, Certain sites check the Referer HTTP header for CSRF protection, but accept request without Referer in order to avoid breaking functionality. One general method to strip the Referer header is to use a <meta...

Burp enterprise update error

Burp Suite Enterprise Edition v1.0.14beta can not download update files throught proxy (downloading stops after ~5 minutes). We have already check our proxy, all works fine. Also i can not install update via .zip file.

Black-on-black highlighting to redact passwords and such for screenshots

Sounds like a silly feature, but I have to redact passwords and other stuff in screenshots all the time. It would be hella cool if Burp had a redaction option so I don't have to fire-up a photo editor. It would save HOURS...

Adding and Replacing HTTP/S Headers in Scanner

This is only possible for requests passing thru proxy but not when conducting automated scanning. Thanks!!

Analyze Target - JSON Parameters

I would like the ability to review JSON parameters within the Analyze Target feature. This would be highly beneficial when testing API's.

Emptying cookie jar with new session

When I have a name of the cookie which is changing with different sessions (cookie name is dynamic as well), Burp stores each new name in the cookie jar and then sends it within the requests. Within a session management,...

Add checkboxes for entries in "Platform Authentication"

Hello, Authorization checks with Burp could be faster if it was possible to have multiple creds, with checkboxes, for a same host in Platform Authentication. You'd be able to do your tests using creds A then uncheck them...

SSL certificate finding

BURP 2.0.18Beta issued a finding about our site's SSL certificate. I believe it found a seeming inconsistency between the "alt" DNS names allowed by the certificate and the host name. But the site presents a different,...

See the requests being made while active scanning

I'm trying to do active scanning on my current test but I've got a problem that the login session occasionally dies for no apparent reason and when it does this in the middle of a scan the results from that point on are...