Burp Suite User Forum
Hi PORTSWIGGER team, I would be really greatful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use other decoder like unescape()...
I would like to see only JSON in proxy history, with the help of proxy history filter. Currently JSON is categorized as “Scripts” in MIME filter, but JSON are typically different from normal JavaScript, especially in the...
Hello! We use Burp Suite with the Carbonator extension to scan our site automatically during regression testing with Selenium. Being able to run the scanner and create reports using Burp Extender is very useful, but the...
I want to use collaborator while manual site testing. I think my case is very typical - I found some not typical SSRF vulnerability (which can't detect active scan) and want to check it. Now I must use my own NS server,...
The Content Discovery functionality allow the use of built-in wordlists, but does not facilitate a custom word-/filelist. While the built-in wordlists are OK, sometimes it's useful to be able to define a custom list, just...
Burp tool is manipulating my http origin and referrer header. Please provide a way around to disable that
Requesting that the compare site maps feature be able to generate a report of the comparison output after display filters are applied. This would make it convenient to be able to provide a target organization a list of each...
Hi. It would be nice to have an option to update the session headers in the session rules. There exist a simillar option that allows us to update parameters and cookies, so why not the headers? I had an issue where the body...
Currently scroll wheel doesn’t work for the preview tab of a response. It works for all the other tabs. Even better if we can scroll horizontally by holding Shift when scrolling. See...
Check out this writeup: https://en.internetwache.org/scanning-the-alexa-top-1m-for-ds-store-files-12-03-2018/ It would be cool if burp suite could automatically check for .DS_Store files on websites, parse the content,...
Add IssueAttributes[] to the IScanIssue object that would get exported with the xml report. Name/Value pairs would suffice, however, nested objects would be awesome. This new property would have to come with all the...
I'm using Macro editor quite often for anti CSRF tokens, as well as session management. However, when I would like to add a single request to the current macro, I need to re-record the entire macro again. Would it be...
Please allow the Match and Replace function to change the destination address as well. It would make it easier to test certain scenarios where requests have to be rediredted to different hosts.
Hi, I've posted a FR on Twitter (https://twitter.com/ddouhine/status/938025572596412418) which has been added to the dev backlog but I put it here too in case of... BurpSuite handles nested insertion points for the...
Hello, I use the Repeater a lot to find new pages/behaviors on web servers but each time I find something interesting I need to right click on the response, click on "Add to site map" and then confirm. A total of 3 clicks...
Hello, When you have to work on multiple targets (hosts) and launch a scan on all of them, the scanning time is slowed down because you have a single queue. This single queue means that Burp have to finish scanning host1...
Hello, I could be helpful to add a button in the Cookie Jar viewer window to manually "Add a cookie". Davy
Hi, It could be cool to have an automatic decoding (e.g: base64 decode) when you move your mouse over an encoded value anywhere in the tool (instead of selecting it, right-click on send to decoder, etc...). I know, i'm...
Hi, I was wondering if you guys had any plans to bring an update to the burp-api, containing an extension of the api for the intruder? If not - it would be awesome if it were possible to use the intruders...
It would be great if we can configure SSL pass-through globally. For example, Google Analysis and Google Translation are typically out of scope of ordinary user. Current per-project setting is expected to override global...
Page 54 of 66
Your source for help and advice on all things Burp-related.