Burp Suite User Forum
Hello Portswigger, What do you think about adding an option to specify how long a service cert should be valid? Currently, every cert is issued for 20 years which is more than 39 months - the limitation introduced in...
As responsive as the Portswigger team is (and I am impressed with their response times) I think that a community support channel on IRC would be beneficial for collaboration and basic troubleshooting. Unfortunately, I do...
Dear Santa Burp Team, My name is Luca and I am 37 years old. I have been a very good boy this year, and I would like the following Extender API enhancements: 1) Extend the support of IExtensionHelpers...
Hi, I wrote an extension some time ago, but abandoned it due to missing API functionality. In particular, I needed the following: Ways to save extension state along with the rest of the saved state. While I could ask...
Does Burp support session management JWT tokens using Authorization Bearer header? If yes, could anyone provide an explanation?
Ability to set intruder to send requests at random times in a given range, for example a random time between 1 and 120 seconds for as many requests as you want.
With SQL injections and other attack vectors it is necessary to check responses. However, if they are too long, it is hard to find highlighted text "by eye". I noticed there is a pre-defined shortcut for "Editor: Go to next...
Hi Burp Community. Is it possible to keep Repeater History after a Repeater tab has been closed? Evidence is usually very important and it can get lost if I close my repeater windows. It would help a lot to have a...
Can we have a tip of the day please?
Hello, It would be very useful if there is a tickbox in Burp->Search. Many times I have very large projects and I want to exclude the scanner results and some other times include them. Thank you
Hello, I observed that the scanner was testing reflected XSS issues using payloads that are not URL encoded. This sometimes results in false positives as all modern popular browsers URL-encode special...
1) Consider this scenario: Burp is configured to determine if the session is valid every 30 requests. Let's assume that the session will expire on the 20th request. In this case Burp will recover the session but will have...
Hi, If I am not wrong there is no way to save or recover an IBurpCollaboratorClientContext object, and if you create a collaborator client context using the createBurpCollaboratorClientContext() callback, right now there...
Currently, there is no option to add additional algorithms to the "Decoder" from within an extension. For my first developed extension, I need(ed) base64url encoding/decoding to be supported and had to add an additional tab...
Imagine this scenario: I have 5 applications and sent many requests for test by repeater, proxy etc. Now there are 100 requests accumulated in the scanner waiting for the scanner to start. I would like to run 10 threads to...
I would like to ask for more web-scraping capabilities. Let's say I have an intruder to iterate through hundreds of payloads (e.g. page 1, 2, ...), and responses are always of the same format (XML, CSV, ...). I'm able to...
I was attempting to create an extension that would offer an option to automatically censor passwords or particular secrets within the Proxy HTTP History. Unfortunately, this does not appear to be possible, because the Burp...
I used to use the Compare tab a lot in Burp but every time I need to scroll manually in order to find the differences. If we had a button (like find) to navigate between the differences it'd be epic! :D
This would be useful in the following scenario: 1) portal.example.org is available externally (to everyone) 2) admin.example.org is restricted to internal network access only 3) Apache with the following...
Hi, It would be nice if Burp Intruder got some additional options, like a trigger option to manipulate the scan data or automatically rescan if there is an error in the replay.
Your source for help and advice on all things Burp-related.