Burp Suite User Forum

Create new post

Requesting a feature that allows us to automatically intercept all responses

As far as I know, to intercept a response, I must manually intercept the response for that request using the Action button. A feature that would allow me to intercept all responses without having to go through the action...

Last updated: Jan 25, 2017 03:23PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Global Regex Rules

Hello all, I would like to see a feature similar to "Proxy->Options>Match and Replace" that would affect not only the requests proxied by Burp but all the request within Burp. I explain, sometime, I would spider and...

Last updated: Jan 17, 2017 11:55AM UTC | 0 Agent replies | 1 Community replies | Feature Requests

Spider and Scanner History

We were performing an application penetration test on an internal production application with the Spider on.Now, blame it on whoever , our pentesters forgot to turn off the Form submitting feature of Spider and it went ahead...

Last updated: Jan 13, 2017 09:38AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Mark targets as preferred - Site Map

Hi Team, While we perform an assessment for any webpage it shows all the sites under Site Map, but we have only limited sites under assessment scope on which we want to focus. A tag to mark some site as preferred (moving...

Last updated: Jan 04, 2017 12:00PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp 2FA integration - Disable human intervention during 2FA process

Hi, In today's best practice, medium risk and above applications implement some form of 2FA solution with sensitive functionality like authentication , forgot password, enabling transaction, account activation...

Last updated: Jan 03, 2017 10:21AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Programming interface

That would be great if Burpsuite has a programming interface like fiddlerscript in fiddler. That will allow tester to explore more potential of burpsuite and the requests made.

Last updated: Dec 23, 2016 09:13AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Allow Repeater to execute a request several times

The Intruder option does not work for multipart/form-data requests with binary data. The Intruder tries to interpret the § symbols within the binary data and thinks these are payload locations. The Repeater should have a...

Last updated: Dec 22, 2016 09:19AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Target organization

When following a manual testing workflow, I prefer to reference the site hierarchy under the Target tab, but there is no way to track progress or my remarks internally. If paths could be color-coded and allow comments or...

Last updated: Dec 19, 2016 04:58PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Options to match & replace from existing message (like regex backreferences)

Hi, I'd like to request a feature in Proxy's Options- Match & Replaces where I can find a match, and replace it with existing messages. For clarity, suppose I want to append Origin header in each requests, but I want...

Last updated: Dec 16, 2016 10:42AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

"Parameter values extractor"

Basically this is an advanced search feature which gives a list of all values assigned to a parameter. The parameter can appear either in GET, POST, etc. requests or responses, or JSON, XML, etc. messages. The...

Last updated: Dec 14, 2016 06:06PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Session Handling Rule - On Failure - Switch Proxy

I sometimes find in performing test that there are devices in place that lock out web activities for 5-10 mins if too many perceived attacks are seen. I think it would be great to have a session handling rule that would...

Last updated: Dec 01, 2016 09:25AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

partial JSON config files

Currently when starting a new burp project and loading it with a config file, you have to have every option filled in the JSON, otherwise it'll leave that field as blank in the new project. I'd really like it if you could...

Last updated: Nov 29, 2016 04:50PM UTC | 2 Agent replies | 0 Community replies | Feature Requests

Cannot down load

I am unable to download can you send me a link to my product, thank you. And I could definitely use a new feature, I think my boyfriend is cheating on me any burp suite could help me out? Amy

Last updated: Nov 27, 2016 03:55PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

IResponseVariations - set attribute

Hi, I saw the new IResponseVariations API... They are great! To increase the power of these new API, It would be great to be able to add custom attributes. In this way a user can add an attribute and write his own code...

Last updated: Nov 24, 2016 08:57AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Add "Invoke Extension" to "Session Handling Action Editor"

The "Session handling action editor" has a dropdown menu with two options to "Define behavior dependent on session validity": - Prompt for in-browser session recovery - Run a macro I would like to see "Invoke a Burp...

Last updated: Nov 15, 2016 08:55PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Collaborator Client

Hi, It would be nice if the Collaborator Client also showed the Response, ie. bt0fqqbb5tbzo2v7jim1cvzjigz, when its copied to the Clipboard. I suspect there would be cases where I would want a different response for each...

Last updated: Nov 14, 2016 09:21PM UTC | 2 Agent replies | 98 Community replies | Feature Requests

Preview insertion points in upcoming scans in scan queue

It would be nice to see the insertion point count on upcoming scans in the queue to good idea of what kinda of time it's going to take to scan the upcoming items. if you see you have 40 links all with 200+ insertion...

Last updated: Nov 10, 2016 03:48PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Scan for ONLY burp suite plugin (custom insertion point)

I'd like to be able to launch only my plugin during a scan. I think the scanner tab should perhaps have the option of enable/disabling a plugin in addition to the other [x] enable/disable buttons. Lets say I only want to do...

Last updated: Nov 10, 2016 03:47PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

A way to update previous requests in from your site map with your current authentication tokens

Hi there I was wondering whether there was a feature and if not it would be useful if you could update requests from the HTTP history with current authentication cookies without the need of copy and pasting them. Just...

Last updated: Nov 04, 2016 02:24PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Proxy tab Http history - display both request and response of the selected message

Hello, It would be great, if by default both request and response are displayed in the Proxy Http History tab. In the current implementation, you have to choose request or response in the message view. Thank you Best...

Last updated: Sep 27, 2016 08:37PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Page 55 of 62

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image