Burp Suite User Forum

Create new post

Expose intercept state for Burp API

I am currently developing a burp extension and would like to be able to check the state of the "Intercept" button in the proxy tab. I am able to turn on/off the interception but am not able to poll the state. Thanks

Last updated: Feb 07, 2018 03:53PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Decoder - Save/Load to/from File

Hi, It would be really nice for further analysis of decoded stuff to be able to save each buffer of the "Decoder"-Tab into a file. It is hard to copy binary out of it. The only way i see currently is: encode as base64...

Last updated: Feb 06, 2018 11:04AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Recognize PDF types

Currently the “application/pdf” type is recognized as “app” instead of PDF. This is very common in HTTP response, so please label it correctly.

Last updated: Feb 05, 2018 08:37AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Ability to update all extension

It would be nice to have a way to update all the burp extension from the bapps at once. Having a button like "Update all" instead of having to do it one-by-one.

Last updated: Feb 02, 2018 04:36PM UTC | 2 Agent replies | 0 Community replies | Feature Requests

System to "back up" project files in case of crashes.

So as I understand it, the "Save State" functionality is being removed from Burp and being replaced by the project file. My only issue with this is that when Burp / the OS crashes, project files get corrupted. This morning...

Last updated: Feb 02, 2018 04:36PM UTC | 2 Agent replies | 0 Community replies | Feature Requests

An important feature request

Your spider tool should submit the contents of place holder along with the default parameters burp suite have, otherwise the tool miss some important input fields that contains vulnerabilities like sql injection.

Last updated: Feb 02, 2018 11:40AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Persistent Intruder Results

Hi, It would be great if intruder results were persistent and part of the project file. Maybe a "Results" subtab on the same level as "Target, Positions, Payloads, Options" within intruder. Thanks!

Last updated: Jan 25, 2018 10:50AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Change Burp from temporary to disk project mode

When saving a temporary project as a disk project, it would be great to have the option to also convert Burp into disk project mode, so that you can do things which are not possible in temporary project mode like (for...

Last updated: Jan 23, 2018 04:31PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Save intruder

Hello, It would be great If we could save the intrusion tab.

Last updated: Jan 17, 2018 04:56PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Enable/disable cookie jar for Repeater from its tab

During a pentest I find it very useful to switch on and off the ability to use cookies from the Burp cookie jar (for example authorization bypasses and so on). Having to navigate each time to project options, session and...

Last updated: Jan 10, 2018 09:51AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Support Center Watch + Vote feature

Hi, I would like to ask if there could be a way in the future to flag some issues not reported by myself but rather other people, which I could subscribe to to receive an email with any new comment. So like "Watch"...

Last updated: Jan 10, 2018 08:49AM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Intruder to show parameters

It would be good for the Positions tab in Intruder to have a params tab to let you easily select a param value to test.

Last updated: Jan 09, 2018 11:25AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Input returned in response (reflected) - detection in response header exclusion

I have an environment in which there is request URI always reflected in the response “x-request-path” header. Would it be possible to have an option in Scanner -> Options -> Scan Issues -> Edit detection methods? I would...

Last updated: Jan 08, 2018 08:08AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

1.7.30

Hoping that either I am missing the obvious or in the next dot release that a 'deselect all' option/control will be added to the new choose for scanner features. Seems impractical right now to use if I only want to run one...

Last updated: Jan 05, 2018 08:04AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

HTTP Parameter Pollution

Are there plans to implement HTTP Parameter Pollution tests? More info: https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OTG-INPVAL-004%29

Last updated: Dec 14, 2017 03:14PM UTC | 4 Agent replies | 4 Community replies | Feature Requests

Repeater tabs renaming and re-ordering feature request

Hi! It would be really useful if Burp allowed renaming and re-ordering the Repeater sub-tabs instead of only having fixed numbers. This would allow the user to organize requests and exactly know what each sub-tab has...

Last updated: Dec 13, 2017 01:58PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Intercept for websockets should be able to honour the scope

For client requests you can set it so that it only intercepts when the URL is in scope but for websockets it is either on or off. I've got all traffic going through Burp but only intercepting for my test sites but...

Last updated: Dec 08, 2017 11:04AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Feature Request

Hi, Add option to split view request and response (side by side) in HTTP Proxy History (same as repeater view) Thanks!

Last updated: Nov 30, 2017 09:16AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Notification alert in Burp when scans go out od session

This is regarding the session handling feature in Burp for web-applications. I was trying Burp scans for one of my applications and found that the session had timed-out and I got 302 redirection responses which redirects to...

Last updated: Nov 29, 2017 09:15AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Cert expiration time

Hello Portswigger, What do you think about adding an option to specify how long a service cert should be valid ? Currently, every cert is issued for 20 years which is more than 39 months - the limitation introduced in...

Last updated: Nov 20, 2017 10:37PM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Page 51 of 62

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image