Feature Requests - Page 58 - Burp Suite User Forum

Grouping Threads for active scan

Hi, would be great if you could allow threads "per group". You dont want to burn one target down, but you might want to test other bits in parallel. An idea would be to allow an identifier set for a group per target...

NTLM Hash and kerberos ticket support for platform authentication

Currently NTLMv1/v2 platform authentication requires the plaintext password, but often the hash value cannot be cracked easily back into plaintext in an expedient manner. Additionally if the hash is generated based on a 2fa...

Active Scan configuration taken when scan request insered into the queue and not when scan start

Hi everybody, I did some test and seems that currently the active scan configuration is used to generate test cases when the scanner start to execute the tests on a specific request. That mean if you have a long queue and...

Show NTLM auth on requests

Currently NTLM authentication used in burp in not shown in any request and cannot be tracked/checked in anyway. A log should be usefull to check if there is problems. Maurizio

Require Confirmation for Clear History

Please add a confirmation dialog to clear history from the right click menu option. This is far to destructive to the project integrity and irreversible right now.

Burp supports Windows 2012 R2

Does Burp supports Windows 2012 R2 ?

Server down check

It would be very good to have some sort of keep-alive functionality to ping server whether it is still up, and depending on the pre-set response by user (e.g. custom error message), it would pause Active scanning until the...

Burp Infiltrator without DNS lookup

Dear Portswigger Team, Thanks for the brilliant work on Burp Infiltrator. I frequently run Burp Collaborator in internal environments without any outbound Internet connectivity, which means I have to set up Burp...

Post-Macro extracting parameter from last response

Hi, I am trying to run a request with a macro and post-macro to do this: Macro1 req1 / resp1 => extract param from rep1 Request get param from from last macro's response req / response (post)Macro2 ...

Support for Kerberos Auth.

Any chances this feature will be supported in the near future?

API to modify configuration of scanner via extension

It would be very useful to have API to modify the configuration of the scanner via an extension to run specific active scan with custom configuration (like run scan without cookie etc).

testing

?<iframe src=javascript:alert(419)>

"Resume" for Burp Collaborator Client

Hello, Why can't we restore Burp Colloborator Client? It should be possible for pentesters to also save the results of Burp Collaborator Client and then restore, as with any other Burp tools. Thanks

Separated Upstream proxy to Scan

Hi Guys! I have a situation running burp that requires a different upstream proxy for scanning. The idea is, basically allows you to select where the upstream proxy will be applied (Scan, Intruder, Repeater and stuff)....

Prevent Burp Proxy from recording some items based on the scope or other filter (e.g. regex)

Hi, I'm looking for a way to prevent Burp from recording some item in the Proxy history. The main reason is that I'm intercepting quite a lot of traffic from the intercepted device, which quickly increases Burp's memory...

improve burp handling of http requests

Hi I will explain the idea by an example, suppose this website " target.com " points to two IPs ( 1.1.1.1 & 2.2.2.2 ) and these IPs has open port " 80 " now we have 4 entry points to test A) when the server...

Detect when TRACE response has additional headers we didn't send

I nearly missed it as Burp only showed "HTTP Trace method is enabled" as informational, but actually this was pretty interesting: Request: TRACE / HTTP/1.1 Host: example.com Cookie: 6bwxjeof12 Connection:...

Simulate manual testing

So there is this new feature in Burp Pro under Engagement tools named "Simulate manual testing". It is awesome but it would be even better if it could automatically do conf calls with the client and generate the report, Q/A...

Post-macros

Hi, Right now macros only can be used as a session handling action to set a parameter or a cookie, but it would be very useful to use them after performing a request to test the contents of another response (for example,...

Possibility to sort Name column in the Open existing project panel

It is not possible to sort ASC or DESC by pressing the column name in the Open Existing Project panel. This is very useful to have. Thank you. Keep up the good work.