Feature Requests - Page 54 - Burp Suite User Forum

Extended grep-extract in Intruder to cover more occurrences

I would like to ask for more web-scraping capabilities. Let's say I have an intruder to iterate through hundreds of payloads (e.g. page 1, 2, ...), and responses are always of the same format (XML, CSV, ...). I'm able to...

Allow extensions to modify proxy history

I was attempting to create an extension that would offer an option to automatically censor passwords or particular secrets within the Proxy HTTP History. Unfortunately, this does not appear to be possible, because the Burp...

Compare Navigate

I used to use the Compare tab a lot in Burp but every time I need to scroll manually in order to find the differences. If we have a button (like find) to navigate between the differences it'll be epic! :D

Enable proxy-style request

This would be useful in the following scenario: 1) portal.example.org is available externally (to everyone) 2) admin.example.org is restricted to internal network access only 3) Apache with the following...

Burp intruder extentions

Hi, It would be nice if Burp intruder get some additional options. Like an trigger option to manipulate the scan data or automatically rescan if there is an error in the replay.

Ability to import traffic from .HAR files

It would be great to have a feature that allowed us to import HTTP Archive (HAR) files to help facilitate automated testing and integration with other tools....

payload in the "target" tab of the intruder

Hello, Could be possible for further releases, an option to specify the payload to be part of the IP address to connect to? For example, if I have a list of IP address to which I want to send an specific HTTP packet,...

Decoder Tabs

The decoder tool should have tabs like most of the other tools. It would be very useful to use one tab to decode and another to encode. I also think it would be useful if burp didn't clear the chain of decoders when you...

Intruder Column for Response Length Independent of Payload Size

When looking for web application behavior in response to fuzzing, I'm often looking for changes in the response length. The problem is that reflected input could obscure minor variations in the response that is separate from...

Stricter validation on Intruder payload "Dates"

When configuring "Dates" payloads in Intruder, non-digits characters like whitespace produce surprising behaviors that are hard to debug (no visual feedbacks outside of the "Request count"). For exemple, from 20 July 2017...

Burp Suite Enquiry about settings

In proxy options, there is bind address option in which there is specific address option. In free edition, I cannot give a specific address manually, there is a list of addresses, we cannot give any specific address. So I...

Extension release dates in BApp Store

An extension's version number is useful however it would be really useful to see the release dates for the extensions available in the BApp Store. Links to the extension and version history would also be useful. This way we...

Purge out of scope requests from proxy history

I like the new feature to allow me to not save out of scope requests to the proxy history and target tab. What I'd like is to also have the ability to purge out of scope requests that are already stored in history. Back in...

UI change

Dark theme/something that colours your history based on certain values, be it regex, host or whether the request is get or post.

Add "Extension provided checks" to "Active / Passive Scanning Areas"

Currently, active and passive checks initiated by extensions are run for every scan (i.e. even if no "Scanning Areas" are selected). Having new Scanning Areas (one for passive, one for active) dedicated to...

Add a "Response Received" column in Proxy History

As discussed ~ 1 year ago: https://support.portswigger.net/customer/portal/questions/16241817-add-a-response-received-column-in-proxy-history

Use long/verbose parameters for curl command

At the moment the tool generates the following curl command: curl -i -s -k -X $'GET' $'https://10.10.10.10/' If using the long version of the parameters it will be presented as: curl --include --silent --insecure...

search results value extraction

I couldn't find a way to do this in the current gui. Would it be possible to add a grep value extractor, similar to what we have in intruder, to the overall search window? eg. I may search for all requests with a certain...

After injecting the payload via POST/GET request, check if a specific string is present

Hello, I'm trying to figure out if it's present an extension or a native Burp function to check if a string (or the payload by itself) is present on multiple (or individual) specified webpages after the payload gets...

UI Changes on Repeater Tab

the top tab list in Burp Repeater (the multiple web requests) is terrible for when you have tens of tabs open. Please consider replacing the top tab with a left side list of requests that could be reordered (sort of like...