Feature Requests - Page 53 - Burp Suite User Forum

Cert expiration time

Hello Portswigger, What do you think about adding an option to specify how long a service cert should be valid ? Currently, every cert is issued for 20 years which is more than 39 months - the limitation introduced in...

IRC Community Support

As responsive at the Portswigger team is (and I am impressed with their response times) I think that a community support channel on IRC would be benificial for collaboration and basic troubleshooting. Unfortunately, I do...

My letter to Santa Burp Team 2017 (Extender API enhancements)

Dear Santa Burp Team, My name is Luca and I am 37 years old. I have been a very good boy this year, and I would like the following Extender API enhancements: 1) Extend the support of IExtensionHelpers...

API extensions

Hi, I wrote an extension some time ago, but abandoned it due to missing API functionality. In particular, I needed the following: Ways to save extension state along with the rest of the saved state. While I could ask...

JWT Support

Does burp support session management JWT tokens using Authorization Bearer header? If yes, could anyone provide an explanation?

Random timing for intruder

Ability to set intruder to send requests at random times in a given range, for example a random time between 1 and 120 seconds for as many requests as you want.

Make Search Match better for Comparer

With SQL injections and other attack vectors it is necessary to check responses. However, if they are too long, it is hard to find highlighted text "by eye". I noticed there is a pre-defined shortcut for "Editor: Go to next...

Repeater History after tab closed

Hi Burp Community. Is it possible to keep Repeater History after a Repeater tab has been closed? Evidence is usually very important and it can get lost if i close my repeater windows. It would help a lot to have a...

Tip of the day

Can we have a tip of the day please?

Search lacks scanner option

Hello, It would be very useful if there is a tickbox in Burp->Search. Many times I have very large projects and I want to exclude the scanner results and some other times include them. Thank you

test Cross-site scripting in scanner using encoded payloads

Hello , I observed that the scanner was testing reflected XSS issues using payloads that are not URL encoded. This sometimes results in false positives as all modern popular browsers URL-encode special...

More reliable authenticated scanning

1) Consider this scenario: burp is configured to determine if the session is valid every 30 requests. Lets assume that the session will expire on the 20th request. In this case burp will recover the session but will have...

Save collaborator IBurpCollaboratorClientContext

Hi, If I am not wrong there is no way to save or recover an IBurpCollaboratorClientContext object, and if you create a collaborator client context using the createBurpCollaboratorClientContext() callback, right now there...

Extender API to add additional Decoder algorithms

Currently, there is no option to add additional algorithms to the "Decoder" from within an extension. For my first developed extension, I need(ed) base64url encoding/decoding to be supported and had to add an additional tab...

more flexible scanning

Imagine this scenario: I have 5 applications and sent many requests for test by repeater, proxy etc. Now they are accumulated 100 requests in the scanner waiting for the scanner to start. I would like to run 10 threads to...

Extended grep-extract in Intruder to cover more occurrences

I would like to ask for more web-scraping capabilities. Let's say I have an intruder to iterate through hundreds of payloads (e.g. page 1, 2, ...), and responses are always of the same format (XML, CSV, ...). I'm able to...

Allow extensions to modify proxy history

I was attempting to create an extension that would offer an option to automatically censor passwords or particular secrets within the Proxy HTTP History. Unfortunately, this does not appear to be possible, because the Burp...

Compare Navigate

I used to use the Compare tab a lot in Burp but every time I need to scroll manually in order to find the differences. If we have a button (like find) to navigate between the differences it'll be epic! :D

Enable proxy-style request

This would be useful in the following scenario: 1) portal.example.org is available externally (to everyone) 2) admin.example.org is restricted to internal network access only 3) Apache with the following...

Burp intruder extentions

Hi, It would be nice if Burp intruder get some additional options. Like an trigger option to manipulate the scan data or automatically rescan if there is an error in the replay.