Burp Suite User Forum

Request chaining

Hi, I'm testing APIs. In the request, I can upload files, and insert plenty of data. Let's name it /person/edit/123. After it succeeds, I'm returned only true/false. Then I need to request another URL to see what data has...

Last updated: May 10, 2018 12:40PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Content Discovery make it more clear what has been discovered

In my opinion it is not clear at all what has been discovered using the Content Discovery functionality. Please make it clear in the sitemap what exactly has been discovered. Perhaps you guys could simply add an extra column...

Last updated: May 09, 2018 07:52PM UTC | 4 Agent replies | 5 Community replies | Feature Requests

Force spider engine to wait for page to load (Automated spider)

Hello, I was testing an intensive application this week and noticed that the spider tool wasn't finding a lot of the content on the site. The spidering was done through a scheduled task, so there was no manual browsing...

Last updated: May 08, 2018 08:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Option to turn off 'OR' based SQL injection tests

Hey, I noticed that the Burp Suite scanner uses 'OR' based SQL Injection tests by default, and that there is no option to disable this either. I was wondering if it would be possible to add an option in detection methods...

Last updated: May 03, 2018 09:12AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Advanced payload positioning system in Intruder

Problem: Currently, payload positions are based on where exactly the payload is positioned in the document. This is a very static approach that has some drawbacks: - Difficult to correlate payload with payload-number if there...

Last updated: Apr 26, 2018 02:30PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Target analyzer filter

It would be nice if filtering functionality was added to the target analyzer. This way it would for example be possible to quickly filter out parameters used on a certain URL path, useful in big projects.

Last updated: Apr 20, 2018 09:17AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Changing Intruder Attack Column Names

It would be helpful being able to change the column names of an attack carried out with Intruder. For reporting purposes and screenshots, choosing more descriptive column names than, for instance, "Payload," is often...

Last updated: Apr 13, 2018 10:04AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

JSON decoder in "Decoder"

Hi PORTSWIGGER team, I would be really grateful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use other decoder like unescape()...

Last updated: Apr 06, 2018 02:46PM UTC | 4 Agent replies | 6 Community replies | Feature Requests

Filter: add JSON MIME

I would like to see only JSON in proxy history, with the help of proxy history filter. Currently JSON is categorized as “Scripts” in MIME filter, but JSON are typically different from normal JavaScript, especially in the...

Last updated: Apr 06, 2018 07:22AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Save Scan Report Wizard Defaults in Project Settings

Hello! We use Burp Suite with the Carbonator extension to scan our site automatically during regression testing with Selenium. Being able to run the scanner and create reports using Burp Extender is very useful, but the...

Last updated: Mar 29, 2018 10:31AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Use Collaborator in manual testing

I want to use collaborator while manual site testing. I think my case is very typical - I found some not typical SSRF vulnerability (which can't detect active scan) and want to check it. Now I must use my own NS server,...

Last updated: Mar 29, 2018 05:23AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Content Discovery: custom wordlist

The Content Discovery functionality allows the use of built-in wordlists, but does not facilitate a custom word-/filelist. While the built-in wordlists are OK, sometimes it's useful to be able to define a custom list, just...

Last updated: Mar 28, 2018 06:59PM UTC | 3 Agent replies | 4 Community replies | Feature Requests

Http headers manipulation

Burp tool is manipulating my http origin and referrer header. Please provide a way around to disable that.

Last updated: Mar 23, 2018 06:34AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Compare site maps Reporting feature request

Requesting that the compare site maps feature be able to generate a report of the comparison output after display filters are applied. This would make it convenient to be able to provide a target organization a list of each...

Last updated: Mar 22, 2018 04:30PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Session Handling rules

Hi. It would be nice to have an option to update the session headers in the session rules. There exists a similar option that allows us to update parameters and cookies, so why not the headers? I had an issue where the body...

Last updated: Mar 22, 2018 11:51AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

scroll with wheel in preview tab

Currently scroll wheel doesn’t work for the preview tab of a response. It works for all the other tabs. Even better if we can scroll horizontally by holding Shift when scrolling. See...

Last updated: Mar 16, 2018 11:23AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Scan for .DS_Store files

Check out this writeup: https://en.internetwache.org/scanning-the-alexa-top-1m-for-ds-store-files-12-03-2018/ It would be cool if burp suite could automatically check for .DS_Store files on websites, parse the content,...

Last updated: Mar 16, 2018 09:56AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Custom Attributes on issues

Add IssueAttributes[] to the IScanIssue object that would get exported with the xml report. Name/Value pairs would suffice, however, nested objects would be awesome. This new property would have to come with all the...

Last updated: Mar 12, 2018 08:43AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add new request to outstanding Macro

I'm using Macro editor quite often for anti CSRF tokens, as well as session management. However, when I would like to add a single request to the current macro, I need to re-record the entire macro again. Would it be...

Last updated: Mar 08, 2018 09:21AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Allow Match and Replace to change destination hostname

Please allow the Match and Replace function to change the destination address as well. It would make it easier to test certain scenarios where requests have to be redirected to different hosts.

Last updated: Mar 08, 2018 04:01AM UTC | 3 Agent replies | 3 Community replies | Feature Requests
