Burp Suite User Forum

[Burp Enterprise] Configure scan_callback from the web UI

Hi, We would find useful being able to set the scan_callback property allowed by the API when manually configuring scans from the web UI. Is it possible / is it on the roadmap? Thanks, Javi

Last updated: Nov 26, 2019 09:31AM UTC | 3 Agent replies | 3 Community replies | Feature Requests

Cannot adjust severity ratings for Burp Enterprise

I am unable to find a way in the UI to change the severity ratings. It would be beneficial to have a way to adjust a rating depending on the validation of a finding manually.

Last updated: Nov 22, 2019 08:27AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Match and Replace

Hi, I think that a useful feature in tab Proxy --> Options --> Match and Replace can be the possibility to Duplicate a role. Thanks, Lorenzo

Last updated: Nov 13, 2019 01:11PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Need to extend logging mechanism in burp.

Hello, If someone wants to save logs of all requests for external use the only known for me method is to use Project options -> Misc -> Loggiing. It's because there is no any library (as far as I know) for parsing...

Last updated: Nov 08, 2019 02:21PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Sort Extensions

In the 'Extender' tab, under 'Extensions' it would be useful to be able to sort the extensions by 'Loaded', 'Type', or 'Name'. For example, when clicking the column title.

Last updated: Nov 07, 2019 02:54PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Refine Collaborator Everywhere headers

Hi I ran into an assessment where the application used the "Referer:" header for portions of how the application worked. This became more noticeable when using the applications "Back" button feature. In order to use Burp...

Last updated: Oct 31, 2019 03:22PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Connection tracking on low level request

Hello, I would like to have a feature to track all connection requested on the proxy (at low level). Currently via Burp it's not possible to have a list of request executed via BURP but not handled correctly. For...

Last updated: Oct 31, 2019 10:08AM UTC | 4 Agent replies | 2 Community replies | Feature Requests

the ability to reset a lab

after mucking about with: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies i ended up messing the pages with csrf reuests\blocking the comment form. even though i can send...

Last updated: Oct 25, 2019 06:58AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp 2: Application Login - credentials test button

Hi, I love the new Application Login. Would it be possible to have a Test/Try button there? After clicking on this button, the new Chromium rendering view could be opened, showing the page after successful login (or better...

Last updated: Oct 21, 2019 10:36AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Burb Target Tab Grouping

Add an option to group targets by parent domain, like: a.test1.com b.test1.com c.test1.com a.test2.com b.test2.com c.test2.com Currently, they are only sorted by the full...

Last updated: Oct 17, 2019 09:44AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Web Security Academy - Show Unfinished

Good Afternoon, It would be very nice to have a way to filter out all of the completed sections and only see what's left to be done. I completed 100% of the labs and content shortly after it was released. A short...

Last updated: Oct 15, 2019 08:15PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Automatically Scan

Hi everyone, I'd like to do an authenticated scan of a site. The problem is that authentication takes place on a domain other than my scope. How can I perform the authenticated scan of my scope ? Thank you very much

Last updated: Oct 15, 2019 10:10AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Live passive crawl misses some information about HTML forms

Hello, the "Form submission" feature of passive crawling misses two features when adding to the site map: - it doesn't log the parameter names and values defined in HTML forms - it doesn't set the HTTP method (i.e. use...

Last updated: Oct 15, 2019 09:37AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Ignore 302's in "Discover content" tool

I *love* the Discover content tool, and use it a lot. Unfortunately, on several jobs I've run into the issue where the web server was configured to respond with 302 instead of 404 when a non-existent URL path was...

Last updated: Oct 11, 2019 01:05PM UTC | 6 Agent replies | 14 Community replies | Feature Requests

Add dark mode to burp suite community editon

For windows 10 make so it adapts to system settings

Last updated: Oct 11, 2019 07:21AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Intercepting AMF requests

I'm facing big time problem with Burp not able to intercept any AMF requests.Is there any condition that would help burp to intercept them? PS; All other requests from the same web application is passing through burp...

Last updated: Oct 10, 2019 01:47PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Pause Proxy/HTTP history scrolling

I'd like to be able to pause scrolling on the Proxy/HTTP history tab. I'm looking back through hits but the site does polls for data every 10 seconds so the list is constantly moving. I know I could filter out the polls...

Last updated: Oct 08, 2019 02:37PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Burp 2: Application Login - 2nd authentication step

The New Login Credentials accept username and password. Would it be possible to introduce an optional 2nd authentication step, like PIN (with static value)? For example, user needs to fill in username+password, followed by...

Last updated: Oct 07, 2019 09:58AM UTC | 5 Agent replies | 5 Community replies | Feature Requests

Burp Collaborator SMTP/S follow hostname resolution set in project options

I would like to see SMTP/S Connection Heath Checks for Burp Collaborator listen to the Hostname Resolution settings in Project Options > Connections. Right now it seems to follow for HTTP & HTTPS requests but not for...

Last updated: Sep 30, 2019 02:48PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Wildcard support Hostname Resolution

I would love to be able to have wildcard * support for the Hostname Resolution settings in Proxy Options > Connections.

Last updated: Sep 30, 2019 02:36PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Page 5 of 28

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image