Burp Suite User Forum
Hi, I'm abend. Burp didn't start installing bapp store's item, because I mistook bad proxy setting. I want to output errorlog on Alerts tab that it can't install. Regards
Currently the bit flipper payload can handle ASCII hex or literal values, but often I want to flip bits in a base64 payload. It would be super nice if this were built in!
using different projects and different Burp instances for each target. with one user license, on the same machine.
For more information see https://support.portswigger.net/customer/portal/questions/12807053-burp-triggers-dns-queries-despite-using-an-upstream-proxy
http://forum.portswigger.net/thread/1117/api-sequencer As per your response for API support for Sequencer, it wasn't on the roadmap back in July 2014. Any updates on when this would be available? On a Similar note, do...
I would like to have the option to decode only the special (or non-alphanumeric) characters in a string. This is commonplace in URL parameters. The decoder seems to only decode/encode ALL characters in the string.
The scanner injects the "example.com" domain in a lot of requests. Especially in contact forms it would come in handy to have this customisable to another domain. The solution would be to give a user the option to change...
It would be nice if we could merge results from ongoing scans, similar to static analysis results like fortify or checkmarx, such that we don't have to re-look at false positives that have previously been audited as such.
Hi, I have a small, but potentially time saving request: Could you please make the filter input field in the Target and Proxy tabs turn red when a filter is active? This is purely a visible indication to show the user...
Hello, It would be nice to be able to save, copy or move a payload list in intruder. Sometimes I'm doing some tests, I need to add a new payload (try to exploit another variable, etc.) and if it comes before the one I...
Hello, Sometimes I need to compare responses (or requests). Any minor change is interesting. Maybe 95% of the answers are the same (thousands of requests), sometimes length doesn't vary. Hashing will make detecting...
Hi, While doing a Health Check on the Collaborator Server it would help if it returned the Version #. Especially for making sure a Private Server is up to date. Thanks
Currently, my favorite way to generate the "meat" for a CSRF demo is to use the Burp CSRF engagement tool. However, after I run the test locally with the burp tool, if I am dealing with XHR and CORS, I always move the POC...
Why does Burp make duplicate entries with a status of "waiting" in the scan queue? It seems trivial to scan the list in code prior to the addition of a new URL and to not add it if there is already one there. I am requesting...
If I want to see what requests are being sent by scanner, I usually run another Burp proxy instance and set my Upstream proxy to it. In that way when I look at the proxy history tab of that other burp proxy instance, I'd be...
Findings should include links to relevant Burp Testing Methodologies: https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1
Hi, I'd like to propose a new session handling rule action that would basically replace any part of a request with a predefined constant. Just like s/const1/const2/g in vi would do. Thanks, PSi
It would be awesome to have an additional step when launching an active scan, for configuring what are the parameters that we want to scan without having to mess with the general config. For example: Let's say that for this...
"'><li onmousover=alert(1)>xxx</li>
Is there any new vulnerability introduced apart from OWASP Top Ten?