Burp Suite User Forum


Change example.com mail domain in the scanner

The scanner injects the "example.com" domain in a lot of requests. Especially in contact forms it would come in handy to have this customisable to another domain. The solution would be to give a user the option to change...

Last updated: Oct 07, 2015 07:45AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Merge audit results from scans

It would be nice if we could merge results from ongoing scans, similar to static analysis results like Fortify or Checkmarx, such that we don't have to re-look at false positives that have previously been audited as such.

Last updated: Oct 07, 2015 07:42AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Make filter input field red when active

Hi, I have a small, but potentially time saving request: Could you please make the filter input field in the Target and Proxy tabs turn red when a filter is active? This is purely a visible indication to show the user...

Last updated: Sep 25, 2015 12:53PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Save/Copy/Move payload list

Hello, It would be nice to be able to save, copy or move a payload list in intruder. Sometimes I'm doing some tests, I need to add a new payload (try to exploit another variable, etc.) and if it comes before the one I...

Last updated: Sep 24, 2015 03:32PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Hash responses/request

Hello, Sometimes I need to compare responses (or requests). Any minor change is interesting. Maybe 95% of the answers are the same (thousands of requests), sometimes length doesn't vary. Hashing will make detecting...

Last updated: Sep 24, 2015 08:27AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Collaborator Server Version

Hi, While doing a Health Check on the Collaborator Server it would help if it returned the Version #. Especially for making sure a Private Server is up to date. Thanks

Last updated: Sep 22, 2015 07:48AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Use Collaborator server for CSRF POCs?

Currently, my favorite way to generate the "meat" for a CSRF demo is to use the Burp CSRF engagement tool. However, after I run the test locally with the Burp tool, if I am dealing with XHR and CORS, I always move the POC...

Last updated: Sep 21, 2015 06:46PM UTC | 1 Agent replies | 2 Community replies | Feature Requests

Duplicate entries in scan queue

Why does Burp make duplicate entries with a status of "waiting" in the scan queue? It seems trivial to scan the list in code prior to the addition of a new URL and to not add it if there is already one there. I am requesting...

Last updated: Sep 18, 2015 08:03AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Use Other Burp Instance on Different Port as an Upstream Proxy to see Scanner requests

If I want to see what requests are being sent by scanner, I usually run another Burp proxy instance and set my Upstream proxy to it. In that way when I look at the proxy history tab of that other burp proxy instance, I'd be...

Last updated: Sep 15, 2015 10:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Testing Methodologies

Findings should include links to relevant Burp Testing Methodologies: https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1

Last updated: Sep 14, 2015 03:42PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Session handling rule action - replace part of request

Hi, I'd like to propose a new session handling rule action that would basically replace any part of a request with a predefined constant. Just like s/const1/const2/g in vi would do. Thanks, PSi

Last updated: Sep 14, 2015 12:28PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Additional step for scanner options when launching active scanner.

It would be awesome to have an additional step when launching an active scan, for configuring what are the parameters that we want to scan without having to mess with the general config. For example: Let's say that for this...

Last updated: Sep 14, 2015 11:48AM UTC | 2 Agent replies | 4 Community replies | Feature Requests

"onmouseover="prompt(1);"

"'><li onmousover=alert(1)>xxx</li>

Last updated: Aug 28, 2015 01:06PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Is there any new vulnerability introduced??

Is there any new vulnerability introduced apart from OWASP top ten?

Last updated: Aug 10, 2015 08:02AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

setting case sensitivity option

When I'm sure I'm testing Windows environment and it doesn't matter on sensitivity, would it be possible to introduce an option where this could be turned on? I noticed that e.g. in Target Analyzer -> Parameters you are...

Last updated: Jul 31, 2015 01:17PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Save All Repeater Tabs in State File

See bug report here for context: https://support.portswigger.net/customer/portal/questions/11548096-not-all-repeater-tabs-saved-restored-via-state-file I send requests to Repeater as I explore an application, and go back...

Last updated: Jul 22, 2015 07:13PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Feature request (other ssl/tls protocol support)

What would complement this great tool is the ability to support other protocols that run on SSL/TLS like SMTP secure and IMAP secure. There are other proxy-like tools out there for these protocols yet none of them provide...

Last updated: Jul 21, 2015 07:48PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Intercept Queue

Would it be possible to add a "Queue" to the Intercept tab. This would show the requests/responses queued to be intercepted and they would be removed from the queue after they are intercepted. On occasions where there are...

Last updated: Jul 19, 2015 01:46PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add "Close All Tabs" button to the Repeater

In the repeater tab, I would like a “close all tabs” button. In the Mac-look-and-feel-GUI; if you click the X, the tabs auto-adjust slightly to re-center. Thus, you click X and move the mouse. Repeat 52 times (yes, I had...

Last updated: Jul 08, 2015 10:43AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

ASP.NET ValidateRequest bypass + tuning

According to my experience Burp Suite doesn't check for this type of ValidateRequest filter bypass: http://www.jardinesoftware.net/2011/07/17/bypassing-validaterequest/ Would it be possible to add this to the...

Last updated: Jul 08, 2015 08:02AM UTC | 1 Agent replies | 0 Community replies | Feature Requests
