Burp Suite User Forum

Create new post

report

Hey, Burp should add a feature to export Report according to OWASP top 10 vulnerability.

Last updated: Jun 14, 2018 08:54AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

IPv6 Support

Burp suite currently doesn't support IPv6, except through /etc/hosts tinkering (which fails if there are redirects in the application e.g. to absolute IPs). IPv6 is widely deployed in a number of markets and a professional...

Last updated: Jun 13, 2018 02:42PM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Add a hint to proxy error pages about out of scope responses when dropping out of scope requests

Hello, It may be helpful for troubleshooting to add a hint to proxy error pages about out of scope responses when dropping out of scope requests. Users may forget that the under the project options tab, connections...

Last updated: Jun 12, 2018 07:15AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Dynamically create proxy autoconfig files

Love your product, been using it for over a decade. I just had an idea for a feature that I think would be really interesting and useful. You could dynamically create a proxy autoconfig file that would only proxy items...

Last updated: Jun 06, 2018 07:02AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

suite-wide level traffic blacklist

Hope to add a scope blacklist option."Don't send items to Proxy history or other Burp tools, if in scope black list". and take effect before any other rules that filte traffic. if we just don't want to see noises like...

Last updated: Jun 04, 2018 07:18AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

New Intruder payload processing rules

- Character length - Modify case: reverse/invert case (also in Case Modification payload type) - Reverse string - Trim whitespace (leading, trailing, both)

Last updated: May 30, 2018 10:48AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Intruder: allow negative Step values for Character Blocks, Dates payload types

.

Last updated: May 30, 2018 10:46AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Detailed scanner activity

Hello, it often happens that Burp causes 100% CPU usage when the Static Code Analysis is enabled, which is to be expected to a certain degree. Something that would really help understanding what's going on would be some...

Last updated: May 26, 2018 09:23AM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Single thread possibility

Hi, with your new update in changing the # of threads into # of concurrent rate limit; could it be possible to limit Active scan to a single thread? I test apps which often have very complex session management, or...

Last updated: May 23, 2018 02:21PM UTC | 3 Agent replies | 3 Community replies | Feature Requests

Content Discovery button for add items to sitemap, or cancel it

Hello. In some cases Content Discovery may find many trash and add it to sitemap. If you don`t wait it, you not uncheck box of automatically site map add items. I think, it`s will be good for button for: 1. Add in sitemap...

Last updated: May 23, 2018 01:52PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

burp should support none http proxy

burp should support none http proxy, some application use none http to login, so if i proxy the http request, the application can not login! please handle this problem.

Last updated: May 21, 2018 07:41AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

test{{2*5}}

"><img src=x onerror=prompt(2)> <h1>test</h1> x

Last updated: May 19, 2018 12:18PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

test{{2*5}}

"><img src=x onerror=prompt(2)> <h1>test</h1> x

Last updated: May 19, 2018 12:17PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

option to select/deselect all when picking scan issues

In Scanner / Options / Scan Issues, there isn't a way to quickly disable or enable all issues. I only wanted to scan for SQLi but had to manually click through every other issue to turn it off. An option to turn them all...

Last updated: May 17, 2018 09:22AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

User options: Burp collaborator settings

Hello, it would be very usefull to add a "Burp collaborator settings" into the User options and add a standard "override" feature in the project options. The people who has is own collaborator server otherwise have to...

Last updated: May 14, 2018 02:48PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Burp Collaborator Polling server proxy/socks setting

It would very usefull to set a proxy and socks configuration for the polling server of the burp collaborator. Currently no upstream proxy is used. Maurizio

Last updated: May 14, 2018 02:32PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Request chaining

Hi, I'm testing APIs. In the request, I can upload files, and insert plenty of data. Let's name it /person/edit/123. After it succeeds, I'm returned only true/false. Then I need to request another URL to see what data has...

Last updated: May 10, 2018 12:40PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Content Discovery make it more clear what has been discovered

I my opinion it is not clear at all what has been discovered using the Content Discovery functionality. Please make it clear in the sitemap what exactly has been discovered. Perhaps you guys could simply add an extra column...

Last updated: May 09, 2018 07:52PM UTC | 4 Agent replies | 5 Community replies | Feature Requests

Force spider engine to wait for page to load (Automated spider)

Hello, I was testing an intensive application this week and noticed that the spider tool wasn't finding a lot of the content on the site. The spidering was done through a scheduled task, so there was no manual browsing...

Last updated: May 08, 2018 08:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Option to turn off 'OR' based SQL injection tests

Hey, I noticed that the Burp Suite scanner uses 'OR' based SQL Injection tests by default, and that there is no option to disable this either. I was wondering if it would be possible to add an option in detection methods...

Last updated: May 03, 2018 09:12AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Page 50 of 64

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image