Feature Requests - Page 59 - Burp Suite User Forum

Requesting a feature that allows us to automatically intercept all responses

As far as I know, to intercept a response, I must manually intercept the response for that request using the Action button. A feature that would allow me to intercept all responses without having to go through the action...

Global Regex Rules

Hello all, I would like to see a feature similar to "Proxy->Options>Match and Replace" that would affect not only the requests proxied by Burp but all the request within Burp. I explain, sometime, I would spider and...

Spider and Scanner History

We were performing an application penetration test on an internal production application with the Spider on.Now, blame it on whoever , our pentesters forgot to turn off the Form submitting feature of Spider and it went ahead...

Mark targets as preferred - Site Map

Hi Team, While we perform an assessment for any webpage it shows all the sites under Site Map, but we have only limited sites under assessment scope on which we want to focus. A tag to mark some site as preferred (moving...

Burp 2FA integration - Disable human intervention during 2FA process

Hi, In today's best practice, medium risk and above applications implement some form of 2FA solution with sensitive functionality like authentication , forgot password, enabling transaction, account activation...

Programming interface

That would be great if Burpsuite has a programming interface like fiddlerscript in fiddler. That will allow tester to explore more potential of burpsuite and the requests made.

Allow Repeater to execute a request several times

The Intruder option does not work for multipart/form-data requests with binary data. The Intruder tries to interpret the § symbols within the binary data and thinks these are payload locations. The Repeater should have a...

Target organization

When following a manual testing workflow, I prefer to reference the site hierarchy under the Target tab, but there is no way to track progress or my remarks internally. If paths could be color-coded and allow comments or...

Options to match & replace from existing message (like regex backreferences)

Hi, I'd like to request a feature in Proxy's Options- Match & Replaces where I can find a match, and replace it with existing messages. For clarity, suppose I want to append Origin header in each requests, but I want...

"Parameter values extractor"

Basically this is an advanced search feature which gives a list of all values assigned to a parameter. The parameter can appear either in GET, POST, etc. requests or responses, or JSON, XML, etc. messages. The...

Session Handling Rule - On Failure - Switch Proxy

I sometimes find in performing test that there are devices in place that lock out web activities for 5-10 mins if too many perceived attacks are seen. I think it would be great to have a session handling rule that would...

partial JSON config files

Currently when starting a new burp project and loading it with a config file, you have to have every option filled in the JSON, otherwise it'll leave that field as blank in the new project. I'd really like it if you could...

Cannot down load

I am unable to download can you send me a link to my product, thank you. And I could definitely use a new feature, I think my boyfriend is cheating on me any burp suite could help me out? Amy

IResponseVariations - set attribute

Hi, I saw the new IResponseVariations API... They are great! To increase the power of these new API, It would be great to be able to add custom attributes. In this way a user can add an attribute and write his own code...

Add "Invoke Extension" to "Session Handling Action Editor"

The "Session handling action editor" has a dropdown menu with two options to "Define behavior dependent on session validity": - Prompt for in-browser session recovery - Run a macro I would like to see "Invoke a Burp...

Collaborator Client

Hi, It would be nice if the Collaborator Client also showed the Response, ie. bt0fqqbb5tbzo2v7jim1cvzjigz, when its copied to the Clipboard. I suspect there would be cases where I would want a different response for each...

Preview insertion points in upcoming scans in scan queue

It would be nice to see the insertion point count on upcoming scans in the queue to good idea of what kinda of time it's going to take to scan the upcoming items. if you see you have 40 links all with 200+ insertion...

Scan for ONLY burp suite plugin (custom insertion point)

I'd like to be able to launch only my plugin during a scan. I think the scanner tab should perhaps have the option of enable/disabling a plugin in addition to the other [x] enable/disable buttons. Lets say I only want to do...

A way to update previous requests in from your site map with your current authentication tokens

Hi there I was wondering whether there was a feature and if not it would be useful if you could update requests from the HTTP history with current authentication cookies without the need of copy and pasting them. Just...

Proxy tab Http history - display both request and response of the selected message

Hello, It would be great, if by default both request and response are displayed in the Proxy Http History tab. In the current implementation, you have to choose request or response in the message view. Thank you Best...