Burp Suite User Forum
It would be great to have a feature that allowed us to import HTTP Archive (HAR) files to help facilitate automated testing and integration with other tools....
Hello, Could be possible for further releases, an option to specify the payload to be part of the IP address to connect to? For example, if I have a list of IP address to which I want to send an specific HTTP packet,...
When looking for web application behavior in response to fuzzing, I'm often looking for changes in the response length. The problem is that reflected input could obscure minor variations in the response that is separate from...
When configuring "Dates" payloads in Intruder, non-digits characters like whitespace produce surprising behaviors that are hard to debug (no visual feedbacks outside of the "Request count"). For exemple, from 20 July 2017...
In proxy options, there is bind address option in which there is specific address option. In free edition, I cannot give a specific address manually, there is a list of addresses, we cannot give any specific address. So I...
An extension's version number is useful however it would be really useful to see the release dates for the extensions available in the BApp Store. Links to the extension and version history would also be useful. This way we...
I like the new feature to allow me to not save out of scope requests to the proxy history and target tab. What I'd like is to also have the ability to purge out of scope requests that are already stored in history. Back in...
Dark theme/something that colours your history based on certain values, be it regex, host or whether the request is get or post.
Currently, active and passive checks initiated by extensions are run for every scan (i.e. even if no "Scanning Areas" are selected). Having new Scanning Areas (one for passive, one for active) dedicated to...
As discussed ~ 1 year ago: https://support.portswigger.net/customer/portal/questions/16241817-add-a-response-received-column-in-proxy-history
At the moment the tool generates the following curl command: curl -i -s -k -X $'GET' $'https://10.10.10.10/' If using the long version of the parameters it will be presented as: curl --include --silent --insecure...
I couldn't find a way to do this in the current gui. Would it be possible to add a grep value extractor, similar to what we have in intruder, to the overall search window? eg. I may search for all requests with a certain...
Hello, I'm trying to figure out if it's present an extension or a native Burp function to check if a string (or the payload by itself) is present on multiple (or individual) specified webpages after the payload gets...
the top tab list in Burp Repeater (the multiple web requests) is terrible for when you have tens of tabs open. Please consider replacing the top tab with a left side list of requests that could be reordered (sort of like...
In the most recent version 1.6.21 - I see that under the Scanner tab you have added the "Issue" Listing - Thank you for that !!! However, I do not see any test for the absence of the HTTP Strict Transport Security (HSTS)...
Hey, I was testing an application which is listening on HTTP and does a redirect to HTTP/S, without a trailing /. Example HTTP Request: http://[victim]/XYZ Example HTTP Response: HTTP 301 Location:...
Hi Burp team, I tried Burp Infiltrator for the first time, nice tool! I noticed that it is missing out on Java JCR injections, which often have much lower impact than SQL injection but not always (and probably a lot of...
I'm using Pro 1.7.22, and test a fairly normal web application I get an issue report 'Strict transport security not enforced', which from a general perspective is correct: the application does not provide a...
I noticed Burp supports external service interaction -- DNS, http and SMPT. Do you have any plan to support external service interaction -- https? Recently we found our application is vulnerable (and exploitable) to external...
Good Morning, I just want to prefix by saying burp is fantastic, but i find all the tabs at the top really messy when i have like 10+ extensions loaded up at once. Would it be possible to add a feature/tickbox in the...
Page 57 of 66
Your source for help and advice on all things Burp-related.