Burp Suite User Forum
1) Consider this scenario: burp is configured to determine if the session is valid every 30 requests. Lets assume that the session will expire on the 20th request. In this case burp will recover the session but will have...
Hi, If I am not wrong there is no way to save or recover an IBurpCollaboratorClientContext object, and if you create a collaborator client context using the createBurpCollaboratorClientContext() callback, right now there...
Currently, there is no option to add additional algorithms to the "Decoder" from within an extension. For my first developed extension, I need(ed) base64url encoding/decoding to be supported and had to add an additional tab...
Imagine this scenario: I have 5 applications and sent many requests for test by repeater, proxy etc. Now they are accumulated 100 requests in the scanner waiting for the scanner to start. I would like to run 10 threads to...
I would like to ask for more web-scraping capabilities. Let's say I have an intruder to iterate through hundreds of payloads (e.g. page 1, 2, ...), and responses are always of the same format (XML, CSV, ...). I'm able to...
I was attempting to create an extension that would offer an option to automatically censor passwords or particular secrets within the Proxy HTTP History. Unfortunately, this does not appear to be possible, because the Burp...
I used to use the Compare tab a lot in Burp but every time I need to scroll manually in order to find the differences. If we have a button (like find) to navigate between the differences it'll be epic! :D
This would be useful in the following scenario: 1) portal.example.org is available externally (to everyone) 2) admin.example.org is restricted to internal network access only 3) Apache with the following...
Hi, It would be nice if Burp intruder get some additional options. Like an trigger option to manipulate the scan data or automatically rescan if there is an error in the replay.
It would be great to have a feature that allowed us to import HTTP Archive (HAR) files to help facilitate automated testing and integration with other tools....
Hello, Could be possible for further releases, an option to specify the payload to be part of the IP address to connect to? For example, if I have a list of IP address to which I want to send an specific HTTP packet,...
When looking for web application behavior in response to fuzzing, I'm often looking for changes in the response length. The problem is that reflected input could obscure minor variations in the response that is separate from...
When configuring "Dates" payloads in Intruder, non-digits characters like whitespace produce surprising behaviors that are hard to debug (no visual feedbacks outside of the "Request count"). For exemple, from 20 July 2017...
In proxy options, there is bind address option in which there is specific address option. In free edition, I cannot give a specific address manually, there is a list of addresses, we cannot give any specific address. So I...
An extension's version number is useful however it would be really useful to see the release dates for the extensions available in the BApp Store. Links to the extension and version history would also be useful. This way we...
I like the new feature to allow me to not save out of scope requests to the proxy history and target tab. What I'd like is to also have the ability to purge out of scope requests that are already stored in history. Back in...
Dark theme/something that colours your history based on certain values, be it regex, host or whether the request is get or post.
Currently, active and passive checks initiated by extensions are run for every scan (i.e. even if no "Scanning Areas" are selected). Having new Scanning Areas (one for passive, one for active) dedicated to...
As discussed ~ 1 year ago: https://support.portswigger.net/customer/portal/questions/16241817-add-a-response-received-column-in-proxy-history
At the moment the tool generates the following curl command: curl -i -s -k -X $'GET' $'https://10.10.10.10/' If using the long version of the parameters it will be presented as: curl --include --silent --insecure...
Page 58 of 68
Your source for help and advice on all things Burp-related.