Burp Suite User Forum
Hi, I was thinking about a new functionality, which I believe may be very helpful during manual testing:) It would be using a library of pre-defined regular expressions and custom messages/colorings. If the response...
When I open Audit details -> Audit items -> double-click on request of my choice, I can only see "Base request" and "Base response". Could you bring back the "Issues" tab, which would list the issues found for the specific...
Could you please assist us how to install and configure the burpsuite on a server and what are the minimum requirements for the installation.
It would be quite nice to be able to tear the two Options menus off (Project & User) like the rest. There are times where flipping some switches is part of my testing workflow. -m
If I select certain tab in 'Proxy > HTTP History', it is kept open even if I change to a different request line (e.g. 'Original response', 'Auto-modified response'). The same does not happen in 'Target > Site map > Issues'...
When browsing through issues in the Target->Site map it would be very helpful if Burp can remember which Tab is selected. For example lets say we have 59 Cacheable HTTPS responses. Currently in order to go over them one...
Is there documentation on how to integrate BurpSuite into the CICD pipeline? For example, once developers check in code into a source repository, a build is pushed to the development. Once the build is complete, I would like...
Hello, I have 3 questions. 1) How to prevent Mod_security being activated when using the burp suite? Websites are blocking my ip address... to solve this problem I want to automatically change my IP address each X...
I observed that burp scanner sends attack payloads in unquoted JSON attributes, which usually results in server side parsing errors. I repeated the attack request with quoted attribute and there were no parsing errors. Will...
IWhent Jop
Dear Team, During my assessment of a Web app, BurpSuite gave below High Vulnerabilities: 1. Out-of-band resource load (HTTP) 2. External service interaction (DNS & HTTP) Example of a Request &...
An ability to intercept non-HTTP protocols (perhaps an API feature to let users code extensions for relevant protocols). A situation arrived at work involving SIP. Getting the traffic to pass through Burp was easy, but...
Would be great to auto-highlighting based on a regex match. Specifically would be great to use this for visually separating sessions if we could match a by cookie header.
It would be great to know which "Insertion points" the Scanner used for a certain request (aka "Scan item"): right now only the total number of them is showed, but not their location.
Add a way to duplicate a repeater tab
Currently if I want to browse some website through Burp with an NTLM authentication I need to provide to Burp the credentials. Since by design NTLM is prone to re(p)lay attack, why can't Burp just replay the challenges and...
Hi , I am using Burpsuite Pro edition 1.7.35 and i am big fan of Burpsuite Extensions. I use plenty of them and the problem that i face while using them is that the name of some of these extensions is so long that it...
Apologies if this is a duplicate, I haven't found a similar request. I'd like to request a feature which adds a user-configurable name or title field to each entry under Upstream Proxy Servers. I work at a place with a...
Currently the collaborator it allow only to understand if a specific request generate an interaction with the collaborator on own payload. It would be very useful to add a feature to show in burp also exfiltrated...
During pentest of some apps it's very handy to login as multiple users for testing interactivity issues and other things. I just setup multiple listeners to make that easy. It would be super helpful if you could assign a...
Page 49 of 64
Your source for help and advice on all things Burp-related.