Burp Suite User Forum


Case Modification Intruder payload: add brute force mode

Please add an option that iterates through all the combinations of upper- and lowercase letters for each position. I.e., for an input string "abc", the output should be: abc, aBc, abC, aBC, Abc, ABc, AbC, ABC. While...

Last updated: Aug 15, 2016 07:38PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Support CA Certificate Generation for Certs&Keys Greater Than 1024bit

Especially Apple is now enforcing "Best Practices" via App Transport Security. As a workaround I used this guide: https://nabla-c0d3.github.io/blog/2015/12/01/burp-ios9-ats/ Thank you.

Last updated: Aug 11, 2016 12:53PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

External service interaction (DNS)

Hi! I have scanned a target address and found an "External service interaction (DNS)" vulnerability. Is this related to DNS Zone Transfer? And how do I rate this vulnerability according to 1 to 10? Please help me ASAP...

Last updated: Aug 04, 2016 01:13PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Global UI indicator that Live Active Scanning is enabled

There have been times that I've opened a project file, or returned to a project and forgot Live Active Scanning is enabled. Since almost every action in Burp is very explicit, requiring user interaction. When live active...

Last updated: Jul 22, 2016 08:45AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Repeater - Quick toggle cookie jar usage

It is a common use case to want Repeater to use the current cookie from the cookie jar. However, sometimes you want to make sure session authentication is working properly, so you intentionally want to use an old...

Last updated: Jul 20, 2016 08:25AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

How can I get XML view of a response that is in utf-16?

Hi, I don't have a convenient way to view responses with bodies that are XML encoded in utf-16. I think handling this would involve a coding change, but if there's a configuration I've overlooked, please let me...

Last updated: Jul 18, 2016 07:39PM UTC | 6 Agent replies | 6 Community replies | Feature Requests

Disable update checks

An option to disable update checks on startup would be great. This setting should also disable update checks when upstream proxy server settings are changed. This would be especially useful for Burp users that test in...

Last updated: Jul 15, 2016 12:09AM UTC | 4 Agent replies | 5 Community replies | Feature Requests

exponential backoff in Sequencer

When testing session tokens, usually the same request is sent over and over again to the server. Often this causes a considerable amount of load (as tests are usually made on test/quality/integration systems with lower...

Last updated: Jun 15, 2016 02:17PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

alternate native UI

Hi all, I am a visually impaired Burp user who unfortunately, cannot use Burp itself due to the native UI being completely unusable with screen readers. Therefore, I only have one remaining usability option; interact with...

Last updated: Jun 15, 2016 02:08PM UTC | 1 Agent replies | 2 Community replies | Feature Requests

Scan Queue / Scan Next - Order

When there are hundreds or even thousands of pages to scan, it isn't always the best use of time to attempt to weed out and try to select which items to scan or determine which ones are nearly identical except a...

Last updated: Jun 14, 2016 07:34AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Generate an issue report in JSON format

I'm part of an iterative security testing effort where I provide engineers with an issue report, they make fixes, repeat. We are trying to measure how successful each iteration is, meaning did security flaws from report 1...

Last updated: Jun 13, 2016 01:45PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add more options for Logging

Hi team: Logging options are able to select the tool that you want to log and select request or response, but I think that it is necessary to add a field where you can define a regular expression to log only the request and/or...

Last updated: Jun 08, 2016 08:56AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Multiple Cookie Jars

It would be great to have multiple cookie jars to operate with. Macros/Rules could specify which cookie jar they want to use and also a global option could specify the default cookie jar to maintain the current behaviour....

Last updated: Jun 07, 2016 09:47AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Support TLS decryption with pre-master secret

We are currently building a tool for extracting pre-master secret (PMS) values from memory of mobile devices. It would be great if Burp supported the decryption of TLS traffic with a list of PMS values just like Wireshark...

Last updated: Jun 06, 2016 01:21PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

global parameters

Burp contains a few tools that allow exporting data, like Logging. Turning the project name and some other parameters into global parameters will allow using them while exporting data. For example, in the logging tool while picking...

Last updated: Jun 03, 2016 10:08AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

separate issue window that is detachable

Hi, I really liked the old Burp where the issues found by the scanner are in the scanner window's tab. Now it's in the target tab and for me it is making it difficult to work with. Contents frame in the sitemap tab has been...

Last updated: May 20, 2016 08:28AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Web interface (or other out-of-band) "emergency save state" function for use when UI has locked up

Burp is a truly fantastic product. However, I regularly encounter situations in which the GUI for it locks up. Of course, this tends to happen when I'm in the middle of a pen test and haven't saved my state for an hour or...

Last updated: May 20, 2016 08:25AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Archive or clear requests without deleting them?

Sometimes in a large project, I may have 40000+ requests. This makes filtering very slow and sometimes appears to make Burp freeze. Is there any way to remove requests from the current list without deleting them? I still...

Last updated: May 16, 2016 12:28PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Collaborator interface for extensions

Although extensions can perform active and passive scans, AFAIK they have no access to collaborator, thus cannot verify out-of-band interaction. Am I mistaken? If no, it would be a great thing to have.

Last updated: May 13, 2016 09:54AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Orchestrate Repeater Requests

It is often needed to orchestrate or time (as in timing) a sequence of requests in relation to one another. Simple Examples: 1) Send Request '1' 2) Wait 1 second 3) Send Request '2' This is hard to do manually...

Last updated: Apr 28, 2016 07:53AM UTC | 1 Agent replies | 0 Community replies | Feature Requests


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
