Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

suite-wide level traffic blacklist

Hope to add a scope blacklist option."Don't send items to Proxy history or other Burp tools, if in scope black list". and take effect before any other rules that filte traffic. if we just don't want to see noises like...

Last updated: Jun 04, 2018 07:18AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

New Intruder payload processing rules

- Character length - Modify case: reverse/invert case (also in Case Modification payload type) - Reverse string - Trim whitespace (leading, trailing, both)

Last updated: May 30, 2018 10:48AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Intruder: allow negative Step values for Character Blocks, Dates payload types

.

Last updated: May 30, 2018 10:46AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Detailed scanner activity

Hello, it often happens that Burp causes 100% CPU usage when the Static Code Analysis is enabled, which is to be expected to a certain degree. Something that would really help understanding what's going on would be some...

Last updated: May 26, 2018 09:23AM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Single thread possibility

Hi, with your new update in changing the # of threads into # of concurrent rate limit; could it be possible to limit Active scan to a single thread? I test apps which often have very complex session management, or...

Last updated: May 23, 2018 02:21PM UTC | 3 Agent replies | 3 Community replies | Feature Requests

Content Discovery button for add items to sitemap, or cancel it

Hello. In some cases Content Discovery may find many trash and add it to sitemap. If you don`t wait it, you not uncheck box of automatically site map add items. I think, it`s will be good for button for: 1. Add in sitemap...

Last updated: May 23, 2018 01:52PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

burp should support none http proxy

burp should support none http proxy, some application use none http to login, so if i proxy the http request, the application can not login! please handle this problem.

Last updated: May 21, 2018 07:41AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

test{{2*5}}

"><img src=x onerror=prompt(2)> <h1>test</h1> x

Last updated: May 19, 2018 12:18PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

test{{2*5}}

"><img src=x onerror=prompt(2)> <h1>test</h1> x

Last updated: May 19, 2018 12:17PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

option to select/deselect all when picking scan issues

In Scanner / Options / Scan Issues, there isn't a way to quickly disable or enable all issues. I only wanted to scan for SQLi but had to manually click through every other issue to turn it off. An option to turn them all...

Last updated: May 17, 2018 09:22AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

User options: Burp collaborator settings

Hello, it would be very usefull to add a "Burp collaborator settings" into the User options and add a standard "override" feature in the project options. The people who has is own collaborator server otherwise have to...

Last updated: May 14, 2018 02:48PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Burp Collaborator Polling server proxy/socks setting

It would very usefull to set a proxy and socks configuration for the polling server of the burp collaborator. Currently no upstream proxy is used. Maurizio

Last updated: May 14, 2018 02:32PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Request chaining

Hi, I'm testing APIs. In the request, I can upload files, and insert plenty of data. Let's name it /person/edit/123. After it succeeds, I'm returned only true/false. Then I need to request another URL to see what data has...

Last updated: May 10, 2018 12:40PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Content Discovery make it more clear what has been discovered

I my opinion it is not clear at all what has been discovered using the Content Discovery functionality. Please make it clear in the sitemap what exactly has been discovered. Perhaps you guys could simply add an extra column...

Last updated: May 09, 2018 07:52PM UTC | 4 Agent replies | 5 Community replies | Feature Requests

Force spider engine to wait for page to load (Automated spider)

Hello, I was testing an intensive application this week and noticed that the spider tool wasn't finding a lot of the content on the site. The spidering was done through a scheduled task, so there was no manual browsing...

Last updated: May 08, 2018 08:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Option to turn off 'OR' based SQL injection tests

Hey, I noticed that the Burp Suite scanner uses 'OR' based SQL Injection tests by default, and that there is no option to disable this either. I was wondering if it would be possible to add an option in detection methods...

Last updated: May 03, 2018 09:12AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Advanced payload positioning system in Intruder

Problem: Currently, payload positions are based on where exactly the payload is positioned in the document. This is a very static approach has some drawbacks: - Difficult to correlate payload with payload-number if there...

Last updated: Apr 26, 2018 02:30PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Target analyzer filter

It would be nice if filtering functionality was added to the target analyzer. This way it would for example be possible to quickly filter out parameters used on a certain URL path, useful in big projects.

Last updated: Apr 20, 2018 09:17AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Changing Intruder Attack Column Names

It would be helpful being able to change the column names of an attack carried out with Intruder. For reporting purposes and screenshots, choosing more descriptive column names than, for instance, "Payload," is often...

Last updated: Apr 13, 2018 10:04AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

JSON decoder in "Decoder"

Hi PORTSWIGGER team, I would be really greatful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use other decoder like unescape()...

Last updated: Apr 06, 2018 02:46PM UTC | 4 Agent replies | 6 Community replies | Feature Requests

51 52
53
54 55

Page 53 of 66

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image