Burp Suite User Forum

More reliable authenticated scanning

1) Consider this scenario: Burp is configured to determine if the session is valid every 30 requests. Let's assume that the session will expire on the 20th request. In this case Burp will recover the session but will have...

Last updated: Sep 13, 2017 07:02PM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Save collaborator IBurpCollaboratorClientContext

Hi, If I am not wrong there is no way to save or recover an IBurpCollaboratorClientContext object, and if you create a collaborator client context using the createBurpCollaboratorClientContext() callback, right now there...

Last updated: Sep 13, 2017 10:04AM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Extender API to add additional Decoder algorithms

Currently, there is no option to add additional algorithms to the "Decoder" from within an extension. For my first developed extension, I need(ed) base64url encoding/decoding to be supported and had to add an additional tab...

Last updated: Sep 08, 2017 03:25PM UTC | 0 Agent replies | 1 Community replies | Feature Requests

more flexible scanning

Imagine this scenario: I have 5 applications and sent many requests for test by repeater, proxy etc. Now there are 100 requests accumulated in the scanner waiting for the scanner to start. I would like to run 10 threads to...

Last updated: Sep 07, 2017 12:37PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Extended grep-extract in Intruder to cover more occurrences

I would like to ask for more web-scraping capabilities. Let's say I have an intruder to iterate through hundreds of payloads (e.g. page 1, 2, ...), and responses are always of the same format (XML, CSV, ...). I'm able to...

Last updated: Sep 07, 2017 10:08AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Allow extensions to modify proxy history

I was attempting to create an extension that would offer an option to automatically censor passwords or particular secrets within the Proxy HTTP History. Unfortunately, this does not appear to be possible, because the Burp...

Last updated: Sep 05, 2017 03:01PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Compare Navigate

I used to use the Compare tab a lot in Burp but every time I need to scroll manually in order to find the differences. If we have a button (like find) to navigate between the differences it'll be epic! :D

Last updated: Aug 29, 2017 09:44AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Enable proxy-style request

This would be useful in the following scenario: 1) portal.example.org is available externally (to everyone) 2) admin.example.org is restricted to internal network access only 3) Apache with the following...

Last updated: Aug 23, 2017 10:55AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Intruder extensions

Hi, it would be nice if Burp Intruder got some additional options, like a trigger option to manipulate the scan data or automatically rescan if there is an error in the replay.

Last updated: Aug 09, 2017 01:57PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Ability to import traffic from .HAR files

It would be great to have a feature that allowed us to import HTTP Archive (HAR) files to help facilitate automated testing and integration with other tools....

Last updated: Aug 09, 2017 07:53AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

payload in the "target" tab of the intruder

Hello, could it be possible, for further releases, to have an option to specify the payload to be part of the IP address to connect to? For example, if I have a list of IP addresses to which I want to send a specific HTTP packet,...

Last updated: Aug 07, 2017 07:09AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Intruder Column for Response Length Independent of Payload Size

When looking for web application behavior in response to fuzzing, I'm often looking for changes in the response length. The problem is that reflected input could obscure minor variations in the response that is separate from...

Last updated: Jul 31, 2017 01:46PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Stricter validation on Intruder payload "Dates"

When configuring "Dates" payloads in Intruder, non-digit characters like whitespace produce surprising behaviors that are hard to debug (no visual feedback outside of the "Request count"). For example, from 20 July 2017...

Last updated: Jul 21, 2017 07:01AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Suite Enquiry about settings

In proxy options, there is a bind address option in which there is a specific address option. In the free edition, I cannot give a specific address manually; there is a list of addresses, and we cannot give any specific address. So I...

Last updated: Jul 20, 2017 07:10AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Extension release dates in BApp Store

An extension's version number is useful however it would be really useful to see the release dates for the extensions available in the BApp Store. Links to the extension and version history would also be useful. This way we...

Last updated: Jul 19, 2017 10:31AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Purge out of scope requests from proxy history

I like the new feature to allow me to not save out of scope requests to the proxy history and target tab. What I'd like is to also have the ability to purge out of scope requests that are already stored in history. Back in...

Last updated: Jul 19, 2017 08:07AM UTC | 2 Agent replies | 0 Community replies | Feature Requests

UI change

Dark theme/something that colours your history based on certain values, be it regex, host or whether the request is get or post.

Last updated: Jul 19, 2017 07:36AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Add "Extension provided checks" to "Active / Passive Scanning Areas"

Currently, active and passive checks initiated by extensions are run for every scan (i.e. even if no "Scanning Areas" are selected). Having new Scanning Areas (one for passive, one for active) dedicated to...

Last updated: Jul 19, 2017 07:31AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add a "Response Received" column in Proxy History

As discussed ~ 1 year ago: https://support.portswigger.net/customer/portal/questions/16241817-add-a-response-received-column-in-proxy-history

Last updated: Jul 18, 2017 10:53PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Use long/verbose parameters for curl command

At the moment the tool generates the following curl command: curl -i -s -k -X $'GET' $'https://10.10.10.10/' If using the long version of the parameters it will be presented as: curl --include --silent --insecure...

Last updated: Jul 18, 2017 08:03PM UTC | 1 Agent replies | 1 Community replies | Feature Requests
