Burp Suite User Forum
I observed that burp scanner sends attack payloads in unquoted JSON attributes, which usually results in server side parsing errors. I repeated the attack request with quoted attribute and there were no parsing errors. Will...
IWhent Jop
Dear Team, During my assessment of a Web app, BurpSuite gave below High Vulnerabilities: 1. Out-of-band resource load (HTTP) 2. External service interaction (DNS & HTTP) Example of a Request &...
An ability to intercept non-HTTP protocols (perhaps an API feature to let users code extensions for relevant protocols). A situation arrived at work involving SIP. Getting the traffic to pass through Burp was easy, but...
Would be great to auto-highlighting based on a regex match. Specifically would be great to use this for visually separating sessions if we could match a by cookie header.
It would be great to know which "Insertion points" the Scanner used for a certain request (aka "Scan item"): right now only the total number of them is showed, but not their location.
Add a way to duplicate a repeater tab
Currently if I want to browse some website through Burp with an NTLM authentication I need to provide to Burp the credentials. Since by design NTLM is prone to re(p)lay attack, why can't Burp just replay the challenges and...
Hi , I am using Burpsuite Pro edition 1.7.35 and i am big fan of Burpsuite Extensions. I use plenty of them and the problem that i face while using them is that the name of some of these extensions is so long that it...
Apologies if this is a duplicate, I haven't found a similar request. I'd like to request a feature which adds a user-configurable name or title field to each entry under Upstream Proxy Servers. I work at a place with a...
Currently the collaborator it allow only to understand if a specific request generate an interaction with the collaborator on own payload. It would be very useful to add a feature to show in burp also exfiltrated...
During pentest of some apps it's very handy to login as multiple users for testing interactivity issues and other things. I just setup multiple listeners to make that easy. It would be super helpful if you could assign a...
As part of Active Scan, I know I can fine-tune heuristics to disable Infiltrator for some individual issues. However, I need to sort by Detection Methods, and open each of them to check if Infiltrator is enabled, and then...
When I open Burp in OS X, I have to click through two screens - the first for project creation/load (defaults to 'Temporary project'), and the second the config loader (defaults to 'Use Burp defaults'). I would love have...
Hi Team, Hope Issue object also record the original HTTP Message(base request and response) when record the HTTP messages on the basis of which the issue was generated. why I need this? I want to write a...
Is it possible to randomize the order of the scanning queue? If not, can I access the queue from Jython? Thanks Jonas
Hey, Burp should add a feature to export Report according to OWASP top 10 vulnerability.
Burp suite currently doesn't support IPv6, except through /etc/hosts tinkering (which fails if there are redirects in the application e.g. to absolute IPs). IPv6 is widely deployed in a number of markets and a professional...
Hello, It may be helpful for troubleshooting to add a hint to proxy error pages about out of scope responses when dropping out of scope requests. Users may forget that the under the project options tab, connections...
Love your product, been using it for over a decade. I just had an idea for a feature that I think would be really interesting and useful. You could dynamically create a proxy autoconfig file that would only proxy items...
Page 52 of 66
Your source for help and advice on all things Burp-related.