Burp Suite User Forum

Create new post

IRC Community Support

As responsive at the Portswigger team is (and I am impressed with their response times) I think that a community support channel on IRC would be benificial for collaboration and basic troubleshooting. Unfortunately, I do...

Last updated: Nov 15, 2017 02:08AM UTC | 2 Agent replies | 5 Community replies | Feature Requests

My letter to Santa Burp Team 2017 (Extender API enhancements)

Dear Santa Burp Team, My name is Luca and I am 37 years old. I have been a very good boy this year, and I would like the following Extender API enhancements: 1) Extend the support of IExtensionHelpers...

Last updated: Oct 18, 2017 01:14PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

API extensions

Hi, I wrote an extension some time ago, but abandoned it due to missing API functionality. In particular, I needed the following: Ways to save extension state along with the rest of the saved state. While I could ask...

Last updated: Oct 06, 2017 01:52PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

JWT Support

Does burp support session management JWT tokens using Authorization Bearer header? If yes, could anyone provide an explanation?

Last updated: Sep 29, 2017 02:03PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Random timing for intruder

Ability to set intruder to send requests at random times in a given range, for example a random time between 1 and 120 seconds for as many requests as you want.

Last updated: Sep 28, 2017 03:51PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Make Search Match better for Comparer

With SQL injections and other attack vectors it is necessary to check responses. However, if they are too long, it is hard to find highlighted text "by eye". I noticed there is a pre-defined shortcut for "Editor: Go to next...

Last updated: Sep 22, 2017 01:34PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Repeater History after tab closed

Hi Burp Community. Is it possible to keep Repeater History after a Repeater tab has been closed? Evidence is usually very important and it can get lost if i close my repeater windows. It would help a lot to have a...

Last updated: Sep 20, 2017 02:10PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Tip of the day

Can we have a tip of the day please?

Last updated: Sep 19, 2017 11:17AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Search lacks scanner option

Hello, It would be very useful if there is a tickbox in Burp->Search. Many times I have very large projects and I want to exclude the scanner results and some other times include them. Thank you

Last updated: Sep 14, 2017 02:34PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

test Cross-site scripting in scanner using encoded payloads

Hello , I observed that the scanner was testing reflected XSS issues using payloads that are not URL encoded. This sometimes results in false positives as all modern popular browsers URL-encode special...

Last updated: Sep 14, 2017 08:23AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

More reliable authenticated scanning

1) Consider this scenario: burp is configured to determine if the session is valid every 30 requests. Lets assume that the session will expire on the 20th request. In this case burp will recover the session but will have...

Last updated: Sep 13, 2017 07:02PM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Save collaborator IBurpCollaboratorClientContext

Hi, If I am not wrong there is no way to save or recover an IBurpCollaboratorClientContext object, and if you create a collaborator client context using the createBurpCollaboratorClientContext() callback, right now there...

Last updated: Sep 13, 2017 10:04AM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Extender API to add additional Decoder algorithms

Currently, there is no option to add additional algorithms to the "Decoder" from within an extension. For my first developed extension, I need(ed) base64url encoding/decoding to be supported and had to add an additional tab...

Last updated: Sep 08, 2017 03:25PM UTC | 0 Agent replies | 1 Community replies | Feature Requests

more flexible scanning

Imagine this scenario: I have 5 applications and sent many requests for test by repeater, proxy etc. Now they are accumulated 100 requests in the scanner waiting for the scanner to start. I would like to run 10 threads to...

Last updated: Sep 07, 2017 12:37PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Extended grep-extract in Intruder to cover more occurrences

I would like to ask for more web-scraping capabilities. Let's say I have an intruder to iterate through hundreds of payloads (e.g. page 1, 2, ...), and responses are always of the same format (XML, CSV, ...). I'm able to...

Last updated: Sep 07, 2017 10:08AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Allow extensions to modify proxy history

I was attempting to create an extension that would offer an option to automatically censor passwords or particular secrets within the Proxy HTTP History. Unfortunately, this does not appear to be possible, because the Burp...

Last updated: Sep 05, 2017 03:01PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Compare Navigate

I used to use the Compare tab a lot in Burp but every time I need to scroll manually in order to find the differences. If we have a button (like find) to navigate between the differences it'll be epic! :D

Last updated: Aug 29, 2017 09:44AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Enable proxy-style request

This would be useful in the following scenario: 1) portal.example.org is available externally (to everyone) 2) admin.example.org is restricted to internal network access only 3) Apache with the following...

Last updated: Aug 23, 2017 10:55AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp intruder extentions

Hi, It would be nice if Burp intruder get some additional options. Like an trigger option to manipulate the scan data or automatically rescan if there is an error in the replay.

Last updated: Aug 09, 2017 01:57PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Ability to import traffic from .HAR files

It would be great to have a feature that allowed us to import HTTP Archive (HAR) files to help facilitate automated testing and integration with other tools....

Last updated: Aug 09, 2017 07:53AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Page 53 of 63

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image