Burp Suite User Forum
For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.
Is it possible to change the display background to a darker theme, e.g. black or dark grey? I suffer from Scotopic Sensitivity Syndrome, so I find it difficult to read from a white background. I would prefer to change the font...
Hello, I have been evaluating Burp ENT beta version for more than two weeks. I did scan some dummy and local websites (comparatively small). Everything went smooth. But, When I tried scanning for an actual...
Can we get email notifications when someone replies to a bug report? It's pretty annoying to get back to the site until someone replied, and then having to look for the issue again. Thanks, Luca
Hi Burp Team, The burp collaborator is an awesome tool, I often use other protocols on top of HTTP/S and SMTP/S when testing SSRF and XXE however. Do you plan on supporting FTP/S or other protocols? As a dirty hack, one...
When configuring a TLS client certificate in Burp, it is only used when the server requests it in the TLS handshake. However, it would be very helpful if there would be a checkbox, which enforces usage of the TLS client...
OWASP TOP 10 has been revised for 2017... notably there are 3 new vulnerabilities listed; A4 - Broken Access Control, A7 - Insufficient Attack Protection, and A10 - Underprotected APIs. When do you plan on updating your...
Like other professionals, we use CWE to classify vulnerabilities. In our case we try to use several tools and correlate vulnerabilities in this way. Thanks to that we can create custom reports using our description of...
Are the vulnerabilities identified classified according to any security standards (OWASP/CWE)? Also, does the latest scanner cover all the OWASP 2017 Top 10 vulnerabilities?
So that a tester can script requests and responses on the fly without the pain of writing custom extensions. Extensions are awesome, but sometimes the timeframe is very limited, kicking the "write an extension for this" out...
Is there any way to automatically resend requests with 5xx status & "no response" in the Intruder module? I always have to manually resend 100k or more requests with 5xx status or "no response" after 10m requests. Which is very...
Adding a comment to an IRequestResponse object can be useful for a number of things. However, not all extensions consider that this is a shared field and may overwrite values set by other extensions. A solution to this may...
I was recently working on a badly broken app that had home rolled session tokens (never a good thing). The token entropy was so bad that there were even duplicates in the sequence. Now, whilst this is the kind of thing...
I like the color highlighting of requests in the proxy http history, but the hard-coded colors are mostly too bright/vibrant. It would be nice to be able to use a custom color so I can use softer colors.
Let me put this straight. I have configured burpsuite proxy and everything correctly. How do I find the exact time and date a request was made? For example when I go to www.google.com, I want burpsuite to show me...
Hi! The BApp Store currently includes nearly 200 extensions. When having a specific need, I systematically go to the Web version (https://portswigger.net/bappstore) and Ctrl+F the page. That requires Internet access, breaks...
Hi! Hackers love to hack by night. And our eyes are so fragile... To be short: I can't wait to test 2beta10 and its new dark theme :-D https://twitter.com/Burp_Suite/status/1055436883805827073 Looking forward!!
In the Site Map tree, I can see many payloads (in folder and file names) which were used by Active scanner (alone, or by some extension during the Active Scan). Such payloads are: %00grqjw%22a%3d%22b%22sc35f %00prompt(1)...
Hello, Kindly I would like to know if we can integrate Burp with Microsoft Team Foundation Server (TFS) or if we can integrate the test result into TFS. Also, is possible to run the test as continuous integration? Thanks...
The Active scanner in Burp already identifies SQL statements within queries as potential SQL injection vulnerabilities. However, some applications log the executed SQL statements in the HTML output as comments or in an HTML...
It's a commonly implemented UI pattern that when a dialog has a list that you can select elements from and a button to commit to that selection, double clicking an element on the list performs both actions (selecting the...
Your source for help and advice on all things Burp-related.