Burp Suite User Forum
As far as I know, to intercept a response, I must manually intercept the response for that request using the Action button. A feature that would allow me to intercept all responses without having to go through the action...
Hello all, I would like to see a feature similar to "Proxy->Options>Match and Replace" that would affect not only the requests proxied by Burp but all the request within Burp. I explain, sometime, I would spider and...
We were performing an application penetration test on an internal production application with the Spider on.Now, blame it on whoever , our pentesters forgot to turn off the Form submitting feature of Spider and it went ahead...
Hi Team, While we perform an assessment for any webpage it shows all the sites under Site Map, but we have only limited sites under assessment scope on which we want to focus. A tag to mark some site as preferred (moving...
Hi, In today's best practice, medium risk and above applications implement some form of 2FA solution with sensitive functionality like authentication , forgot password, enabling transaction, account activation...
That would be great if Burpsuite has a programming interface like fiddlerscript in fiddler. That will allow tester to explore more potential of burpsuite and the requests made.
The Intruder option does not work for multipart/form-data requests with binary data. The Intruder tries to interpret the § symbols within the binary data and thinks these are payload locations. The Repeater should have a...
When following a manual testing workflow, I prefer to reference the site hierarchy under the Target tab, but there is no way to track progress or my remarks internally. If paths could be color-coded and allow comments or...
Hi, I'd like to request a feature in Proxy's Options- Match & Replaces where I can find a match, and replace it with existing messages. For clarity, suppose I want to append Origin header in each requests, but I want...
Basically this is an advanced search feature which gives a list of all values assigned to a parameter. The parameter can appear either in GET, POST, etc. requests or responses, or JSON, XML, etc. messages. The...
I sometimes find in performing test that there are devices in place that lock out web activities for 5-10 mins if too many perceived attacks are seen. I think it would be great to have a session handling rule that would...
Currently when starting a new burp project and loading it with a config file, you have to have every option filled in the JSON, otherwise it'll leave that field as blank in the new project. I'd really like it if you could...
I am unable to download can you send me a link to my product, thank you. And I could definitely use a new feature, I think my boyfriend is cheating on me any burp suite could help me out? Amy
Hi, I saw the new IResponseVariations API... They are great! To increase the power of these new API, It would be great to be able to add custom attributes. In this way a user can add an attribute and write his own code...
The "Session handling action editor" has a dropdown menu with two options to "Define behavior dependent on session validity": - Prompt for in-browser session recovery - Run a macro I would like to see "Invoke a Burp...
Hi, It would be nice if the Collaborator Client also showed the Response, ie. bt0fqqbb5tbzo2v7jim1cvzjigz, when its copied to the Clipboard. I suspect there would be cases where I would want a different response for each...
It would be nice to see the insertion point count on upcoming scans in the queue to good idea of what kinda of time it's going to take to scan the upcoming items. if you see you have 40 links all with 200+ insertion...
I'd like to be able to launch only my plugin during a scan. I think the scanner tab should perhaps have the option of enable/disabling a plugin in addition to the other [x] enable/disable buttons. Lets say I only want to do...
Hi there I was wondering whether there was a feature and if not it would be useful if you could update requests from the HTTP history with current authentication cookies without the need of copy and pasting them. Just...
Hello, It would be great, if by default both request and response are displayed in the Proxy Http History tab. In the current implementation, you have to choose request or response in the message view. Thank you Best...
Page 59 of 66
Your source for help and advice on all things Burp-related.