Burp Suite User Forum


In intruder, putting add positions properly to JSON type request

When I assess the JSON type request, Intruder puts the add position like below: testparameter=${"user":"admin","password": "password00"}$ I would like to put the target position like...

Last updated: Feb 18, 2016 05:24PM UTC | 2 Agent replies | 0 Community replies | Feature Requests

Show base request variable in intruder

When running an attack with intruder, particularly a Sniper attack with number payload, it would be good if in the Payload field, the base request (request ID 0) displayed what the contents were between the $$ symbols. At...

Last updated: Feb 17, 2016 11:41AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Keyboard shortcut - Clear history and ALT-TAB

Can you add the ability to: a) Do things without confirmation if I so want? Clear History for example, close Burp for another. And generally do think of other common tasks and add the ability to do things with keyboard...

Last updated: Feb 11, 2016 08:23PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Display file name in Burp's caption bar

Perhaps this was already requested. If so, please ignore this request. I routinely save multiple proxy logs for the same application, depending on the type of test I'm conducting. At times I use several instances of Burp...

Last updated: Feb 11, 2016 05:26PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Differential Automatic Backup Functionality

Automatic Backup is fantastic, it saved our work quite some time, when the Java environment decided to give up and crash. But, storing every time 700 megs, for example, in a state file, will fill up any hard drive over a...

Last updated: Feb 01, 2016 08:48AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Automatic backup prefix

Hi, it would be nice to have an option to set a prefix for the automatic backup file name. When I am working on project1, I would like to easily set up the prefix 'project1'. Then I can switch i.e. to project2...

Last updated: Jan 31, 2016 09:15AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

New backup feature and repeater

Hi, Features The first one: it would be nice to be able to set a prefix or suffix to the auto backup file name. Already there is only time and this feature would help to distinguish between projects/sections. It...

Last updated: Jan 18, 2016 04:11PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

BApp Store: Sort Extensions by Date Updated

It is tough to identify new extensions in the BApp Store. It would be easy to identify new extensions if there was an additional column that listed the date updated. This would also be useful to identify extensions that were...

Last updated: Jan 15, 2016 10:25PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Individual Enable/Disable Tickboxes for Platform Authentication Tickboxes

At the moment (and in the future) it would help during my testing that each set of credentials would have a tickbox next to them to enable or disable them. E.g. I use my basic authentication to log in as admin, then log in...

Last updated: Jan 08, 2016 11:46AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

OWASP

Some of our clients like to map issues to known standards. Is there any way to correspond the vulnerability with an OWASP Top 10 number (if it relates to it)?

Last updated: Dec 31, 2015 02:56AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Intruder Dates payload: extend functionality to include times

The helpfulness of this payload when fuzzing a date/time parameter is automatic handling of the wrapping of values back to 1 when appropriate (i.e., avoid March 32nd). Extending the Dates payload with time components (down...

Last updated: Dec 22, 2015 06:54PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Improve flexibility of Proxy Match and Replace

There are already a couple of requests to handle specific use cases of conditional Match and Replace that were declined -- and I have my own use case as well -- but I'd like to suggest a couple of generic options that could...

Last updated: Dec 22, 2015 01:23PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Numbers Intruder payload: add an option to request all in a range randomly instead of sequentially

.

Last updated: Dec 17, 2015 07:02PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Remember setting for "Request in Browser: current/original session" In future just copy and skip

It would be nice if there was a permanent setting for "in future just copy and skip dialog." Bonus points for hotkeys for original/current session. Thanks for BSP...

Last updated: Dec 16, 2015 05:51AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

force update check

Already posted here and then noticed, this is the new way to do it. http://forum.portswigger.net/thread/1686/force-update-check Current situation/problem: Burp only checks for new versions on startup. So when you can...

Last updated: Dec 15, 2015 08:00PM UTC | 3 Agent replies | 3 Community replies | Feature Requests

Map findings to OWASP and WASC Threat Classification v2.0

Every finding should be mapped to OWASP at a minimum. Every effort should be made to also map to WASC Threat Classification v2.0: http://projects.webappsec.org/w/page/13246978/Threat%20Classification

Last updated: Dec 13, 2015 08:51PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

New and updated findings

Scanner > Issue definition: Delete: Type index Add: Creation date Add: Modification date

Last updated: Dec 13, 2015 08:45PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Show start/finish time of each item in the 'Scan queue'

I know there is logging available but this feature would be useful as another column

Last updated: Dec 02, 2015 02:21PM UTC | 2 Agent replies | 0 Community replies | Feature Requests

Burp Suite would be more useful if the software provided a server running version

Potentially a web interface, so that it could sit on a test server as a stub, with the ability to inspect and reject packet history. The ability to only inspect the UI locally makes it limited in usefulness for sitting in...

Last updated: Nov 30, 2015 02:34PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

How do I avoid referer header

I am using Burp to check the security level of our web application. But my application usually checks the referer header. If this header is changed, the session will time out. So, how do I test my web application except for...

Last updated: Nov 27, 2015 08:44AM UTC | 2 Agent replies | 1 Community replies | Feature Requests
