Feature Requests - Page 57 - Burp Suite User Forum

In intruder, setting up payload with "Grep - Match"

When I use intruder, I have to set up payload and "Grep - Match" each time. So I would like to set up them same time.

Load Macro Parameter from File

When configuring a macro item, each parameter's value has the option of "Use preset value" or "Derive from prior response". I'd like the capability to load a parameter's value from a file at runtime by specifying a...

Decoder enhancements - user interface

Two items to request (both mentioned in former user forum): 1. Multiple decoder tabs (self-explanatory) 2. Clipboard context menu within the input field. This seems simple enough, but essentially this will give users...

Decoder enhancements - algorithms

To minimize switching between Burp and other tools for crypto-analysis, add more options to Burp's Decoder. Here are a few suggestions: - keyed algorithms (DES, 3DES, AES, XOR, ROTn, etc) - Anything OpenSSL enc/dec...

Showing Current Request with the Last Response from the Macro

When using Intruder/Repeater with "Post Request Macro" and setting "Pass back to the invoking tool:" = "The final response from the macro", Intruder/Repeater only show the pair of "the final request sent by Post Request...

Feature Request - intruder/scanner

Hi Team, I am Takeshi Sato from Japan. I am always using burp on my work so I have some feature requests. First request is regarding intruder. When I am using intruder, I often change the payload and I have to change...

Auto start certain Engagement tools

Target > Site map > right click on target URL > Engagement tools: Find comments - should auto start Find scripts - should auto start Find references already does this.

Add tests for SQL injection with Tabs rather than Spaces?

I was working through the Pentester Lab: Web For Pentester (https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/) SQL injections, and the Example 2 injection rejects all inputs with spaces in them. Using TAB...

Out-of-Scope Requests

The following section: Options > Connections > Out-of-Scope Requests should be moved to Target Scope.

Every time the Burp is started, the previous Target - Scope and the Target Filter are reset.

save state wizard. (Exclude static content, Exclude by file extension)

Hi, result: huge state file. why? huge static web application with few dynamic pages New feature on the save state wizard: Exclude static content / export dynamic content only Exclude by file extension Thanks in...

Ability to Add to Scope from Proxy Intercept Tab

I do not believe this is possible today but I would like if there was an option "Add to scope" as one of the options under "Action" when intercepting packets. Thanks!

State Management - Display the current State

During an engagement I will work with and save multiple states. Once I load or save a state I would like Burp to display the current state loaded. I tt would make it easier to manage all the various files. It would also...

PHP extract() vulnerabilities

Please see this post about the risks of using PHP function extract() improperly: http://davidnoren.com/2013/07/03/php-extract-vulnerability/ At the end of the post are a few ideas on how to test for it. Unsure if those...

Remove duplicates

Scanner > Scan queue > sort by URL. Need a way to right-click and say "Remove Duplicates".

Automatically add repeater results to the site map

Hello, It would be nice if an option could be added to automatically add the repeater results to the site map. I work quite a lot with the repeater and it could be nice to have a direct access to search and other...

Ability to edit several rows on parameters viewing tab during editing of intercepted message

Ability to edit several rows (i.e. values/names of several POST parameters) on parameters viewing tab during editing of intercepted message (Proxy module) would helped a lot.

Brute Force

It would be nice if the burp pro spider had an option to "brute force" files and check for the most common 100 or so files in each directory. Will

ShellShock

Hi Support, I’m just curious if you’re going to release anything for ShellShock (recent bash vulnerability) detection. Please let me know about your plans. Thanks, David