Burp Suite User Forum

Create new post

Burp v2.0.04beta - change User Agent

I know you are now using Chromium browser. However, the environment I test on simply tells me "Your browser is not supported" and the default crawling doesn't work (gives up after 10 requests to / ). Would it be possible...

Last updated: Feb 07, 2019 12:18PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Add all missing Decoder algorithms to Intruder payload processing

.

Last updated: Feb 04, 2019 01:47PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Restrict search in responses or requests only

Hello, Burp is awesome, it would be even more awesome if it were possible, when searching for a string, to restrict the search only in requests or responses. For example, searching for an auth token only in the responses,...

Last updated: Jan 28, 2019 03:31PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Monospaced font in the decoder tool

It would be really great if the decoder tool could be made to use the font specified in the HTTP Message Display setting instead of the one used for the general UI, this would also improve the hex representation, thanks!

Last updated: Jan 28, 2019 09:14AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Help please asap

How do get online course?

Last updated: Jan 11, 2019 09:17AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Getting ISSUE on Burp suite

i am getting this ISSUE when using the burp suite in ALERT tab :Software cause the connection abort : recv failed. Please could you give me the solution for this ISSUE ? and Please tell me the step by step process the to...

Last updated: Jan 09, 2019 11:09AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Use cookies switch in Repeater

Hi, Many times, I need to test authenticated and unauthenticated stuff manually in Repeater. I know that I can go to settings and check the checkbox to use cookies/session management rules for Repeater, but that is pretty...

Last updated: Jan 07, 2019 02:01PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Display colors for Background and Font

Is it possible to change the display background to darker theme, e.g. black or dark grey. I suffer from Scotopic Sensitivity Syndrome, so i find difficult to read from white background. I would prefer to change the font...

Last updated: Jan 04, 2019 08:02AM UTC | 6 Agent replies | 22 Community replies | Feature Requests

Evaluating Burp Enterprise by scanning real-time projects

Hello, I have been evaluating Burp ENT beta version for more than two weeks. I did scan some dummy and local websites (comparatively small). Everything went smooth. But, When I tried scanning for an actual...

Last updated: Dec 14, 2018 06:28AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Support Center Bug Reports

Can we get email notifications when someone replies to a bug report? It's pretty annoying to get back to the site until someone replied, and then having to look for the issue again. Thanks, Luca

Last updated: Dec 13, 2018 11:23AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Collaborator further protocols

Hi Burp Team, The burp collaborator is an awesome tool, I often use other protocols on top of HTTP/S and SMTP/S when testing SSRF and XXE however. Do you plan on supporting FTP/S or other protocols? As a dirty hack, one...

Last updated: Dec 06, 2018 09:08AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Enforce sending of TLS client certificate

When configuring a TLS client certificate in Burp, it is only used when the server requests it in the TLS handshake. However, it would be very helpful if there would be a checkbox, which enforces usage of the TLS client...

Last updated: Dec 03, 2018 11:47AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

OWASP Top 10 updated (2017)

OWASP TOP 10 has been revised for 2017... noteably there are 3 new vulnerabilities listed; A4 - Broken Access Control, A7 - Insufficient Attack Protection, and A10 - Underprotected APIs. When do you plan on updating your...

Last updated: Nov 28, 2018 10:11AM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Support CWE ID in reports

Like other professionals, we use CWE for classify vulnerabilities. In our case we try to use several tools and correlate vulnerabilities in this way. Thank to that we can create custom reports using our description of...

Last updated: Nov 23, 2018 11:52AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Security standards

Do the vunarabilities identified are classified to any security standards (OWASP/CWE)? Also whether the latest scanner covers all the OWASP 2017 top 10 vunarabilities ?

Last updated: Nov 23, 2018 11:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Built in Scripting Language

So that a testar can script requests and responses on the fly without the pain of writing custom extensions. Extensions are awesome, but sometimes the timeframe is very limited, kicking the "write an extension for this" out...

Last updated: Nov 20, 2018 09:57AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Is there anyway to automatic resend request with 5xx Status in Intruder module.

Is there anyway to automatic resend request with 5xx Status & "no response" in Intruder module. I always have to manual resend 100k or more request with 5xx Status or "no response" after 10m request. Which is very...

Last updated: Nov 08, 2018 10:25PM UTC | 2 Agent replies | 4 Community replies | Feature Requests

Per-Extension IRequestResponse Comment

Adding a comment to a IRequestResponse object can be useful for a number of things. However, not all extensions consider that this is a shared field and may overwrite values set by other extensions. A solution to this may...

Last updated: Nov 06, 2018 02:22PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add duplicate token detection to Sequencer

I was recently working on a badly broken app that had home rolled session tokens (never a good thing). The token entropy was so bad that there were even duplicates in the sequence. Now, whilst this is the kind of thing...

Last updated: Nov 01, 2018 11:48AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Allow custom color highlighting

I like the color highlighting of requests in the proxy http history, but the hard-coded colors are mostly too bright/vibrant. It would be nice to be able to use a custom color so I can use softer colors.

Last updated: Nov 01, 2018 08:09AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Page 49 of 66

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image