Burp Suite User Forum
Hey, I noticed that the Burp Suite scanner uses 'OR' based SQL Injection tests by default, and that there is no option to disable this either. I was wondering if it would be possible to add an option in detection methods...
Problem: Currently, payload positions are based on where exactly the payload is positioned in the document. This is a very static approach that has some drawbacks: - Difficult to correlate payload with payload-number if there...
It would be nice if filtering functionality was added to the target analyzer. This way it would for example be possible to quickly filter out parameters used on a certain URL path, useful in big projects.
It would be helpful being able to change the column names of an attack carried out with Intruder. For reporting purposes and screenshots, choosing more descriptive column names than, for instance, "Payload," is often...
Hi PORTSWIGGER team, I would be really grateful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use other decoder like unescape()...
I would like to see only JSON in proxy history, with the help of proxy history filter. Currently JSON is categorized as “Scripts” in MIME filter, but JSON are typically different from normal JavaScript, especially in the...
Hello! We use Burp Suite with the Carbonator extension to scan our site automatically during regression testing with Selenium. Being able to run the scanner and create reports using Burp Extender is very useful, but the...
I want to use collaborator while manual site testing. I think my case is very typical - I found some not typical SSRF vulnerability (which can't detect active scan) and want to check it. Now I must use my own NS server,...
The Content Discovery functionality allows the use of built-in wordlists, but does not facilitate a custom word-/filelist. While the built-in wordlists are OK, sometimes it's useful to be able to define a custom list, just...
Burp tool is manipulating my http origin and referrer header. Please provide a way around to disable that
Requesting that the compare site maps feature be able to generate a report of the comparison output after display filters are applied. This would make it convenient to be able to provide a target organization a list of each...
Hi. It would be nice to have an option to update the session headers in the session rules. There exists a similar option that allows us to update parameters and cookies, so why not the headers? I had an issue where the body...
Currently scroll wheel doesn’t work for the preview tab of a response. It works for all the other tabs. Even better if we can scroll horizontally by holding Shift when scrolling. See...
Check out this writeup: https://en.internetwache.org/scanning-the-alexa-top-1m-for-ds-store-files-12-03-2018/ It would be cool if burp suite could automatically check for .DS_Store files on websites, parse the content,...
Add IssueAttributes[] to the IScanIssue object that would get exported with the xml report. Name/Value pairs would suffice, however, nested objects would be awesome. This new property would have to come with all the...
I'm using Macro editor quite often for anti CSRF tokens, as well as session management. However, when I would like to add a single request to the current macro, I need to re-record the entire macro again. Would it be...
Please allow the Match and Replace function to change the destination address as well. It would make it easier to test certain scenarios where requests have to be redirected to different hosts.
Hi, I've posted a FR on Twitter (https://twitter.com/ddouhine/status/938025572596412418) which has been added to the dev backlog but I put it here too in case of... BurpSuite handles nested insertion points for the...
Hello, I use the Repeater a lot to find new pages/behaviors on web servers but each time I find something interesting I need to right click on the response, click on "Add to site map" and then confirm. A total of 3 clicks...
Hello, When you have to work on multiple targets (hosts) and launch a scan on all of them, the scanning time is slowed down because you have a single queue. This single queue means that Burp has to finish scanning host1...