Burp Suite User Forum
Hope to add a scope blacklist option."Don't send items to Proxy history or other Burp tools, if in scope black list". and take effect before any other rules that filte traffic. if we just don't want to see noises like...
- Character length - Modify case: reverse/invert case (also in Case Modification payload type) - Reverse string - Trim whitespace (leading, trailing, both)
.
Hello, it often happens that Burp causes 100% CPU usage when the Static Code Analysis is enabled, which is to be expected to a certain degree. Something that would really help understanding what's going on would be some...
Hi, with your new update in changing the # of threads into # of concurrent rate limit; could it be possible to limit Active scan to a single thread? I test apps which often have very complex session management, or...
Hello. In some cases Content Discovery may find many trash and add it to sitemap. If you don`t wait it, you not uncheck box of automatically site map add items. I think, it`s will be good for button for: 1. Add in sitemap...
burp should support none http proxy, some application use none http to login, so if i proxy the http request, the application can not login! please handle this problem.
"><img src=x onerror=prompt(2)> <h1>test</h1> x
"><img src=x onerror=prompt(2)> <h1>test</h1> x
In Scanner / Options / Scan Issues, there isn't a way to quickly disable or enable all issues. I only wanted to scan for SQLi but had to manually click through every other issue to turn it off. An option to turn them all...
Hello, it would be very usefull to add a "Burp collaborator settings" into the User options and add a standard "override" feature in the project options. The people who has is own collaborator server otherwise have to...
It would very usefull to set a proxy and socks configuration for the polling server of the burp collaborator. Currently no upstream proxy is used. Maurizio
Hi, I'm testing APIs. In the request, I can upload files, and insert plenty of data. Let's name it /person/edit/123. After it succeeds, I'm returned only true/false. Then I need to request another URL to see what data has...
I my opinion it is not clear at all what has been discovered using the Content Discovery functionality. Please make it clear in the sitemap what exactly has been discovered. Perhaps you guys could simply add an extra column...
Hello, I was testing an intensive application this week and noticed that the spider tool wasn't finding a lot of the content on the site. The spidering was done through a scheduled task, so there was no manual browsing...
Hey, I noticed that the Burp Suite scanner uses 'OR' based SQL Injection tests by default, and that there is no option to disable this either. I was wondering if it would be possible to add an option in detection methods...
Problem: Currently, payload positions are based on where exactly the payload is positioned in the document. This is a very static approach has some drawbacks: - Difficult to correlate payload with payload-number if there...
It would be nice if filtering functionality was added to the target analyzer. This way it would for example be possible to quickly filter out parameters used on a certain URL path, useful in big projects.
It would be helpful being able to change the column names of an attack carried out with Intruder. For reporting purposes and screenshots, choosing more descriptive column names than, for instance, "Payload," is often...
Hi PORTSWIGGER team, I would be really greatful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use other decoder like unescape()...
Page 53 of 66
Your source for help and advice on all things Burp-related.