Burp Suite User Forum
Are there plans to implement HTTP Parameter Pollution tests? More info: https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OTG-INPVAL-004%29
Hi! It would be really useful if Burp allowed renaming and re-ordering the Repeater sub-tabs instead of only having fixed numbers. This would allow the user to organize requests and exactly know what each sub-tab has...
For client requests you can set it so that it only intercepts when the URL is in scope but for websockets it is either on or off. I've got all traffic going through Burp but only intercepting for my test sites but...
Hi, Add option to split view request and response (side by side) in HTTP Proxy History (same as Repeater view). Thanks!
This is regarding the session handling feature in Burp for web-applications. I was trying Burp scans for one of my applications and found that the session had timed-out and I got 302 redirection responses which redirects to...
Hello Portswigger, What do you think about adding an option to specify how long a service cert should be valid? Currently, every cert is issued for 20 years which is more than 39 months - the limitation introduced in...
As responsive as the Portswigger team is (and I am impressed with their response times) I think that a community support channel on IRC would be beneficial for collaboration and basic troubleshooting. Unfortunately, I do...
Dear Santa Burp Team, My name is Luca and I am 37 years old. I have been a very good boy this year, and I would like the following Extender API enhancements: 1) Extend the support of IExtensionHelpers...
Hi, I wrote an extension some time ago, but abandoned it due to missing API functionality. In particular, I needed the following: Ways to save extension state along with the rest of the saved state. While I could ask...
Does burp support session management JWT tokens using Authorization Bearer header? If yes, could anyone provide an explanation?
Ability to set intruder to send requests at random times in a given range, for example a random time between 1 and 120 seconds for as many requests as you want.
With SQL injections and other attack vectors it is necessary to check responses. However, if they are too long, it is hard to find highlighted text "by eye". I noticed there is a pre-defined shortcut for "Editor: Go to next...
Hi Burp Community. Is it possible to keep Repeater History after a Repeater tab has been closed? Evidence is usually very important and it can get lost if I close my Repeater windows. It would help a lot to have a...
Can we have a tip of the day please?
Hello, It would be very useful if there is a tickbox in Burp->Search. Many times I have very large projects and I want to exclude the scanner results and some other times include them. Thank you
Hello, I observed that the scanner was testing reflected XSS issues using payloads that are not URL encoded. This sometimes results in false positives as all modern popular browsers URL-encode special...
1) Consider this scenario: Burp is configured to determine if the session is valid every 30 requests. Let's assume that the session will expire on the 20th request. In this case Burp will recover the session but will have...
Hi, If I am not wrong there is no way to save or recover an IBurpCollaboratorClientContext object, and if you create a collaborator client context using the createBurpCollaboratorClientContext() callback, right now there...
Currently, there is no option to add additional algorithms to the "Decoder" from within an extension. For my first developed extension, I need(ed) base64url encoding/decoding to be supported and had to add an additional tab...
Imagine this scenario: I have 5 applications and sent many requests for test by repeater, proxy etc. Now they are accumulated 100 requests in the scanner waiting for the scanner to start. I would like to run 10 threads to...