Burp Suite User Forum
At the moment the tool generates the following curl command: curl -i -s -k -X $'GET' $'https://10.10.10.10/' If using the long version of the parameters it will be presented as: curl --include --silent --insecure...
I couldn't find a way to do this in the current gui. Would it be possible to add a grep value extractor, similar to what we have in intruder, to the overall search window? eg. I may search for all requests with a certain...
Hello, I'm trying to figure out if it's present an extension or a native Burp function to check if a string (or the payload by itself) is present on multiple (or individual) specified webpages after the payload gets...
the top tab list in Burp Repeater (the multiple web requests) is terrible for when you have tens of tabs open. Please consider replacing the top tab with a left side list of requests that could be reordered (sort of like...
In the most recent version 1.6.21 - I see that under the Scanner tab you have added the "Issue" Listing - Thank you for that !!! However, I do not see any test for the absence of the HTTP Strict Transport Security (HSTS)...
Hey, I was testing an application which is listening on HTTP and does a redirect to HTTP/S, without a trailing /. Example HTTP Request: http://[victim]/XYZ Example HTTP Response: HTTP 301 Location:...
Hi Burp team, I tried Burp Infiltrator for the first time, nice tool! I noticed that it is missing out on Java JCR injections, which often have much lower impact than SQL injection but not always (and probably a lot of...
I'm using Pro 1.7.22, and test a fairly normal web application I get an issue report 'Strict transport security not enforced', which from a general perspective is correct: the application does not provide a...
I noticed Burp supports external service interaction -- DNS, http and SMPT. Do you have any plan to support external service interaction -- https? Recently we found our application is vulnerable (and exploitable) to external...
Good Morning, I just want to prefix by saying burp is fantastic, but i find all the tabs at the top really messy when i have like 10+ extensions loaded up at once. Would it be possible to add a feature/tickbox in the...
Hi, would be great if you could allow threads "per group". You dont want to burn one target down, but you might want to test other bits in parallel. An idea would be to allow an identifier set for a group per target...
Currently NTLMv1/v2 platform authentication requires the plaintext password, but often the hash value cannot be cracked easily back into plaintext in an expedient manner. Additionally if the hash is generated based on a 2fa...
Hi everybody, I did some test and seems that currently the active scan configuration is used to generate test cases when the scanner start to execute the tests on a specific request. That mean if you have a long queue and...
Currently NTLM authentication used in burp in not shown in any request and cannot be tracked/checked in anyway. A log should be usefull to check if there is problems. Maurizio
Please add a confirmation dialog to clear history from the right click menu option. This is far to destructive to the project integrity and irreversible right now.
Does Burp supports Windows 2012 R2 ?
It would be very good to have some sort of keep-alive functionality to ping server whether it is still up, and depending on the pre-set response by user (e.g. custom error message), it would pause Active scanning until the...
Dear Portswigger Team, Thanks for the brilliant work on Burp Infiltrator. I frequently run Burp Collaborator in internal environments without any outbound Internet connectivity, which means I have to set up Burp...
Hi, I am trying to run a request with a macro and post-macro to do this: Macro1 req1 / resp1 => extract param from rep1 Request get param from from last macro's response req / response (post)Macro2 ...
Any chances this feature will be supported in the near future?
Page 55 of 64
Your source for help and advice on all things Burp-related.