Feature Requests - Page 6 - Burp Suite User Forum

BRUTE FORCE LOGIN FORM

Hey guys i am starting-blocks with burp with brute force méthode login form. I tried to use it on website specialized for vulnérability and it seems to work gréât. When i make a request, burp gave the username and the...

Make use of the del key to be able to delete a line in the HTTP history

Hello, As you can see by the subject it is pretty easy and it's even surprising that it is not here by default. When we want to delete the reqs one by one and we quickly want to check if they are not useful, we need to...

Corporate BAppStore

Hi Team, would it be possible to have a "corporate" BAppStore which would extend the current BAppStore and allow testers to point BurpSuite to that BAppStore to download not only the official BApp extensions, but also...

the ability to reset a lab

after mucking about with: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies i ended up messing the pages with csrf reuests\blocking the comment form. even though i can send...

Reset labs

Could you reset all my labs and progress?

Ability to turn off proxy in Burp Browser

I think it will be helpful to have the option to turn off the proxy on Burp Browser while navigating a site. Use cases: Log in to a website without capturing the login credentials in Burp, or wanting to leave out the...

Using X-Forwarded-host in Web cache poisoning

I'm currently working on the web cache poisoning with an unkeyed header lab but whenever I put x=forwarded-host in my header I don't receive a response back. I even tested this by sending the header with just ?cb=1234 and...

Burp Suite Data Sheet

Please provide the Burp Suite Features/Data Sheet

Progress bar under each topic tab in learning path page

Hello, I'd like to to see the progression towards completion under each topic tab in the "learning path" page. Not sure whether it would look cool or not... Maybe make it enable/disable? Thanks for the great resources!

Limitations for recorded login sequences

Hi Support, We are in need of testing a web application that relies on google sso pop up, and as you wrote "Burp Scanner is currently unable to replay login sequences that rely on popups or <iframe> elements." there is a...

educational licence

I'm student. I can't buy PROFESSIONAL License. Can you Please give me a PROFESSIONAL. Can help me with the Pro License. Thank you.

Burp Intruder Payload Type "File"

I couldn't find an option or even an extension that takes a list of files and uses the file contents in a POST request. This would be very useful to make file upload function tests more efficient. I imagine a new payload...

Expose IScanIssue Requests with Markers

Some scan issues contain marker information in the request/response for easier identification of issue, but there is no way to access these markers through the extender API. The IScanIssue.getHttpMessages() function...

Unable to intercept traffic of mobile application hosted over VPN

Currently facing issues with intercepting the traffic using Burp Suite from a mobile application after whitelisting the public IP address. What is achieved so far: I. Able to intercept the traffic from mobile device’s...

Enable logging on the opening screen

Hello! I think that most business users always use logging. Unfortunately sometimes we forget to turn it on under Project Settings / Misc. Could you put a checkbox in the "New project on disk" section of the opening screen...

Reset

Can you reset all my labs expect sql injection and path traversal.

Regarding Java version

Hi, Recently we are seeing nessus vulnerability issue regarding the oracle java version as below: Plugins: 166316 Oracle Java SE Multiple Vulnerabilities (October 2022 CPU). "<plugin_output> Path :...

How does Burp Suite Enterprise choose when two configuration files conflict?

Hi, Team: We can upload more than two configuration files for a site in Burp Suite Enterprise (Settings > Configuration). but how does Burp Suite Enterprise choose when two configuration files conflict? The A...

Content Discovery Improvements

Hi, I raised this issue a year or two back (don't recall the outcome, but it is not yet a feature)and wanted to raise it and one other again. The Content Discovery feature produces too much noise in its default...

Multiple Extensions enabled on a single click

A user by selecting multiple plugins from the list can be enabled using a single click without each extension opening a separate widow. Include a separate tab to show which extensions did not load and their respective...