Feature Requests - Page 59 - Burp Suite User Forum

exponential backoff in Sequencer

When testing session tokens, usually the same request is sent over and over again to the server. Often this causes a considerable amount of load (as tests are usually made on test/quality/integration systems with lower...

alternate native UI

Hi all, I am a visually impaired Burp user who unfortunately, cannot use Burp itself due to the native UI being completely unusable with screen readers. Therefore, I only have one remaining usability option; interact with...

Scan Queue / Scan Next - Order

When there are hundreds or even thousands of pages to scan it it isn't always the best use of time to attempt to weed out and try to select which items to scan or determine which ones are nearly identical except a...

Generate an issue report in JSON format

I'm part of an iterative security testing effort where I provide engineers with an issue report, they make fixes, repeat. We are trying to measure how successful each iteration is, meaning did security flaws from report 1...

Add more options for Logging

Hi team: Logging options are able to select the tool that you want log and select request or response, but I think that is necessary add a field where you can define a regular expression to log only the request and/or...

Multiple Cookie Jars

It would be great to have multiple cookie jars to operate with. Macros/Rules could specify which cookie jar they want to use and also a global option could specify the default cookie jar to maintain the current behaviour....

Support TLS decryption with pre-master secret

We are currently building a tool for extracting pre-master secret (PMS) values from memory of mobile devices. It would be great if Burp supported the decryption of TLS traffic with a list of PMS values just like Wireshark...

global parameters

Burp contain few tools that allows export data, like Logging.. turn the project name and some other parameters to a global parameter will allow to use it while exporting data. for example, in the logging tool while picking...

seperate issue window that is detachable

hi, I really liked the old burp where the issues found by scanner are in the scanner window's tab. Now its in the target tab and for me it making me difficult to work with. contents frame in the sitemap tab has been...

Web interface (or other out-of-band) "emergency save state" function for use when UI has locked up

Burp is a truly fantastic product. However, I regularly encounter situations in which the GUI for it locks up. Of course, this tends to happen when I'm in the middle of a pen test and haven't saved my state for an hour or...

Archive or clear requests without deleting them?

Sometimes in a large project, I may have 40000+ requests. This makes filtering very slow and sometimes appears to make Burp freeze. Is there any way to remove requests from the current list without deleting them? I still...

Collaborator interface for extensions

Although extensions can perform active and passive scans, AFAIK they have no access to collaborator, thus cannot verify out-of-band interaction. Am I mistaken? If no, it would be a great thing to have.

Orchestrate Repeater Requests

It is often needed to orchestrate or time (as in timing) a sequence of requests in relation to one another. Simple Examples: 1) Send Request '1' 2) Wait 1 second 3) Send Request '2' This is hard to do manually...

Show Platform Authentication header on proxy requests

The platform auth is removed form the header shown in the proxy tab (also you see only one request). It would be useful to see these headers and the full request to understand when the auth is done...

disable Payload encoding and auto load payloads through API

It would be nice if the payloads get automatically loaded from custom file when invoking sendToIntruder method and API method to disable URL encode these characters through API. Thereby launching the attack through API

Proxy: Warn when leaving the project scope

It would be a nice little feature for manual testing if burp would show a warning in the browser, when leaving the configured scope while browsing a site. The warning should only be displayed in the browser and give a...

Workbench for items that one wants to take a closer look on later

It'd be a neat feature if burp would have some sort of "Workbench", where one could send requests to that one wants to inspect later. I often find myself in a situation where I'm quickly checking autoscan results and...

Restore scan queue issues column

I have been using Burp for many years and appreciate all the updates and features. One feature/bug that have been bugging (pardon the pun) me is when one restores a previous Burp state, the Issues column in the scan queue...

Pass back in "Run post-request macro"

Currently, a session handling rule running a post-request macro can pass back to the invoking tool either: - the response from the current request - the final response from the macro In multi-step work-flows, it is...

Not only log time but also log date

L.S. I use Burp Suite to log browser activity for a long period. Within the log on disk and on the HTTP history only the time of a request/response, not the date, is logged. Could you please also log the date in a...