Burp Suite User Forum

OWASP Top 10 updated (2017)

OWASP TOP 10 has been revised for 2017... notably there are 3 new vulnerabilities listed; A4 - Broken Access Control, A7 - Insufficient Attack Protection, and A10 - Underprotected APIs. When do you plan on updating your...

Last updated: Nov 28, 2018 10:11AM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Support CWE ID in reports

Like other professionals, we use CWE to classify vulnerabilities. In our case we try to use several tools and correlate vulnerabilities in this way. Thanks to that we can create custom reports using our description of...

Last updated: Nov 23, 2018 11:52AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Security standards

Are the vulnerabilities identified classified according to any security standards (OWASP/CWE)? Also, does the latest scanner cover all the OWASP 2017 Top 10 vulnerabilities?

Last updated: Nov 23, 2018 11:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Built in Scripting Language

So that a tester can script requests and responses on the fly without the pain of writing custom extensions. Extensions are awesome, but sometimes the timeframe is very limited, kicking the "write an extension for this" out...

Last updated: Nov 20, 2018 09:57AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Is there any way to automatically resend requests with 5xx status in the Intruder module?

Is there any way to automatically resend requests with 5xx status & "no response" in the Intruder module? I always have to manually resend 100k or more requests with 5xx status or "no response" after 10m requests. Which is very...

Last updated: Nov 08, 2018 10:25PM UTC | 2 Agent replies | 4 Community replies | Feature Requests

Per-Extension IRequestResponse Comment

Adding a comment to an IRequestResponse object can be useful for a number of things. However, not all extensions consider that this is a shared field and may overwrite values set by other extensions. A solution to this may...

Last updated: Nov 06, 2018 02:22PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add duplicate token detection to Sequencer

I was recently working on a badly broken app that had home-rolled session tokens (never a good thing). The token entropy was so bad that there were even duplicates in the sequence. Now, whilst this is the kind of thing...

Last updated: Nov 01, 2018 11:48AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Allow custom color highlighting

I like the color highlighting of requests in the proxy http history, but the hard-coded colors are mostly too bright/vibrant. It would be nice to be able to use a custom color so I can use softer colors.

Last updated: Nov 01, 2018 08:09AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Getting the time when a request was made

Let me put this straight. I have configured burpsuite proxy and everything correctly. How do I find the exact time and date a request was made? For example when I go to www.google.com, I want burpsuite to show me...

Last updated: Oct 30, 2018 10:45AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Search among extensions

Hi! The BApp Store currently includes nearly 200 extensions. When having a specific need, I systematically go to the Web version (https://portswigger.net/bappstore) and Ctrl+F the page. That requires Internet access, breaks...

Last updated: Oct 26, 2018 11:54AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Dark theme

Hi! Hackers love to hack by night. And our eyes are so fragile... To be short: I can't wait to test 2beta10 and its new dark theme :-D https://twitter.com/Burp_Suite/status/1055436883805827073 Looking forward!!

Last updated: Oct 26, 2018 11:21AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Site map - Filter by Tools

In the Site Map tree, I can see many payloads (in folder and file names) which were used by Active scanner (alone, or by some extension during the Active Scan). Such payloads are: %00grqjw%22a%3d%22b%22sc35f %00prompt(1)...

Last updated: Oct 25, 2018 12:26PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Integrate Burp with TFS build

Hello, Kindly I would like to know if we can integrate Burp with Microsoft Team Foundation Server (TFS) or if we can integrate the test result into TFS. Also, is it possible to run the test as continuous integration? Thanks...

Last updated: Oct 25, 2018 09:54AM UTC | 6 Agent replies | 6 Community replies | Feature Requests

Extend SQL recognition to responses

The Active scanner in Burp already identifies SQL statements within queries as potential SQL injection vulnerabilities. However, some applications log the executed SQL statements in the HTML output as comments or in an HTML...

Last updated: Oct 19, 2018 02:53PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Double click to open existing project

It's a commonly implemented UI pattern that when a dialog has a list that you can select elements from and a button to commit to that selection, double clicking an element on the list performs both actions (selecting the...

Last updated: Oct 19, 2018 08:17AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

How to capture Windows-based authentication application

Hi, how to capture Windows-based authentication application? Thanks, Anju.

Last updated: Oct 19, 2018 06:56AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Disable notification to upgrade to Burp 2.0

Can you please add an option to disable notification to upgrade to Burp 2.0? I'm planning on staying in Burp 1.x for now. It gets tedious clicking close each time I open Burp.

Last updated: Oct 15, 2018 03:46PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Specify user/project resolvers

Hello! I've often found myself in need of switching DNS for an assessment, for various reasons, and I believe that being able to override the system resolvers via Project / User options would be quite handy.

Last updated: Oct 15, 2018 07:26AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Intruder - Payload Processing: Macro - Add prefix/suffix

In some circumstances there is the need to process a dynamic value like an anti-CSRF token and append this to a parameter. I'm not sure this could be helpful to others; anyway, it should be a great feature.

Last updated: Oct 11, 2018 10:42AM UTC | 2 Agent replies | 0 Community replies | Feature Requests

spider

When will the professional version of the crawler support front-end frameworks like VUE? In the face of such systems, the reptiles became furnishings.

Last updated: Oct 11, 2018 08:25AM UTC | 1 Agent replies | 0 Community replies | Feature Requests
