Burp Suite User Forum

Target: Issues - Selected tab should be kept open when browsing findings (like Proxy History does)

If I select a certain tab in 'Proxy > HTTP History', it is kept open even if I change to a different request line (e.g. 'Original response', 'Auto-modified response'). The same does not happen in 'Target > Site map > Issues'...

Last updated: Sep 05, 2018 07:37PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Remember which TAB is selected (Advisory-Request-Response) when browsing through Issues

When browsing through issues in the Target->Site map it would be very helpful if Burp could remember which tab is selected. For example, let's say we have 59 Cacheable HTTPS responses. Currently in order to go over them one...

Last updated: Sep 05, 2018 07:33PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Integrate BurpSuite Scan into the CICD Pipeline

Is there documentation on how to integrate BurpSuite into the CICD pipeline? For example, once developers check in code into a source repository, a build is pushed to the development. Once the build is complete, I would like...

Last updated: Aug 30, 2018 09:17AM UTC | 3 Agent replies | 4 Community replies | Feature Requests

How to prevent Mod_security being activated when using the burp suite?

Hello, I have 3 questions. 1) How to prevent Mod_security being activated when using the burp suite? Websites are blocking my ip address... to solve this problem I want to automatically change my IP address each X...

Last updated: Aug 29, 2018 10:42AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Attack payloads in unquoted JSON attributes

I observed that burp scanner sends attack payloads in unquoted JSON attributes, which usually results in server side parsing errors. I repeated the attack request with quoted attribute and there were no parsing errors. Will...

Last updated: Aug 23, 2018 07:58AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Joop

IWhent Jop

Last updated: Aug 23, 2018 01:21AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

External service interaction (DNS & HTTP)

Dear Team, During my assessment of a Web app, BurpSuite gave below High Vulnerabilities: 1. Out-of-band resource load (HTTP) 2. External service interaction (DNS & HTTP) Example of a Request &...

Last updated: Aug 21, 2018 12:38PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Intercept non HTTP protocols

An ability to intercept non-HTTP protocols (perhaps an API feature to let users code extensions for relevant protocols). A situation arrived at work involving SIP. Getting the traffic to pass through Burp was easy, but...

Last updated: Aug 21, 2018 10:09AM UTC | 1 Agent replies | 5 Community replies | Feature Requests

Auto Highlighting

Would be great to auto-highlight based on a regex match. Specifically, it would be great to use this for visually separating sessions if we could match by a cookie header.

Last updated: Aug 09, 2018 09:17AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

View insertion points of "Scan items" in the scanner

It would be great to know which "Insertion points" the Scanner used for a certain request (aka "Scan item"): right now only the total number of them is shown, but not their location.

Last updated: Jul 30, 2018 12:38PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Have a "Duplicate Tab" option in repeater

Add a way to duplicate a repeater tab

Last updated: Jul 25, 2018 07:28AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

NTLM Replay

Currently if I want to browse some website through Burp with an NTLM authentication I need to provide to Burp the credentials. Since by design NTLM is prone to re(p)lay attack, why can't Burp just replay the challenges and...

Last updated: Jul 24, 2018 07:29AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Tab Name Editing

Hi, I am using Burpsuite Pro edition 1.7.35 and I am a big fan of Burpsuite Extensions. I use plenty of them and the problem that I face while using them is that the name of some of these extensions is so long that it...

Last updated: Jul 19, 2018 10:16AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Adding a name field to the Upstream Proxy Servers list

Apologies if this is a duplicate, I haven't found a similar request. I'd like to request a feature which adds a user-configurable name or title field to each entry under Upstream Proxy Servers. I work at a place with a...

Last updated: Jul 19, 2018 07:58AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Collaborator feature to exfiltrate data

Currently the collaborator only allows one to understand if a specific request generates an interaction with the collaborator on its own payload. It would be very useful to add a feature to show in Burp also exfiltrated...

Last updated: Jul 05, 2018 12:08PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

automatically color communications by listener

During a pentest of some apps it's very handy to log in as multiple users for testing interactivity issues and other things. I just set up multiple listeners to make that easy. It would be super helpful if you could assign a...

Last updated: Jun 28, 2018 01:09PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Disable Infiltrator payloads with ease

As part of Active Scan, I know I can fine-tune heuristics to disable Infiltrator for some individual issues. However, I need to sort by Detection Methods, and open each of them to check if Infiltrator is enabled, and then...

Last updated: Jun 22, 2018 10:14AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Can you remove the two click-throughs on loading Burp, or let me set defaults?

When I open Burp in OS X, I have to click through two screens - the first for project creation/load (defaults to 'Temporary project'), and the second the config loader (defaults to 'Use Burp defaults'). I would love to have...

Last updated: Jun 22, 2018 09:14AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Issue object also record the original HTTP Message(base request and response)

Hi Team, I hope the Issue object can also record the original HTTP message (base request and response) when recording the HTTP messages on the basis of which the issue was generated. Why do I need this? I want to write a...

Last updated: Jun 20, 2018 08:56AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Randomize Scanning Order Queue

Is it possible to randomize the order of the scanning queue? If not, can I access the queue from Jython? Thanks Jonas

Last updated: Jun 20, 2018 08:33AM UTC | 1 Agent replies | 1 Community replies | Feature Requests
