Burp Suite User Forum
Hi, I will explain the idea by an example. Suppose this website "target.com" points to two IPs (1.1.1.1 & 2.2.2.2) and these IPs have open port "80". Now we have 4 entry points to test: A) when the server...
I nearly missed it as Burp only showed "HTTP Trace method is enabled" as informational, but actually this was pretty interesting: Request: TRACE / HTTP/1.1 Host: example.com Cookie: 6bwxjeof12 Connection:...
So there is this new feature in Burp Pro under Engagement tools named "Simulate manual testing". It is awesome but it would be even better if it could automatically do conf calls with the client and generate the report, Q/A...
Hi, Right now macros can only be used as a session handling action to set a parameter or a cookie, but it would be very useful to use them after performing a request to test the contents of another response (for example,...
It is not possible to sort ASC or DESC by pressing the column name in the Open Existing Project panel. This is very useful to have. Thank you. Keep up the good work.
As far as I know, to intercept a response, I must manually intercept the response for that request using the Action button. A feature that would allow me to intercept all responses without having to go through the action...
Hello all, I would like to see a feature similar to "Proxy->Options>Match and Replace" that would affect not only the requests proxied by Burp but all the requests within Burp. To explain: sometimes, I would spider and...
We were performing an application penetration test on an internal production application with the Spider on. Now, blame it on whoever, our pentesters forgot to turn off the Form submitting feature of Spider and it went ahead...
Hi Team, While we perform an assessment for any webpage it shows all the sites under Site Map, but we have only limited sites under assessment scope on which we want to focus. A tag to mark some site as preferred (moving...
Hi, In today's best practice, medium risk and above applications implement some form of 2FA solution with sensitive functionality like authentication, forgot password, enabling transaction, account activation...
It would be great if Burp Suite had a programming interface like FiddlerScript in Fiddler. That would allow testers to explore more of the potential of Burp Suite and the requests made.
The Intruder option does not work for multipart/form-data requests with binary data. The Intruder tries to interpret the § symbols within the binary data and thinks these are payload locations. The Repeater should have a...
When following a manual testing workflow, I prefer to reference the site hierarchy under the Target tab, but there is no way to track progress or my remarks internally. If paths could be color-coded and allow comments or...
Hi, I'd like to request a feature in Proxy's Options - Match & Replace where I can find a match, and replace it with existing messages. For clarity, suppose I want to append an Origin header in each request, but I want...
Basically this is an advanced search feature which gives a list of all values assigned to a parameter. The parameter can appear either in GET, POST, etc. requests or responses, or JSON, XML, etc. messages. The...
I sometimes find when performing tests that there are devices in place that lock out web activities for 5-10 mins if too many perceived attacks are seen. I think it would be great to have a session handling rule that would...
Currently when starting a new burp project and loading it with a config file, you have to have every option filled in the JSON, otherwise it'll leave that field as blank in the new project. I'd really like it if you could...
I am unable to download. Can you send me a link to my product? Thank you. And I could definitely use a new feature: I think my boyfriend is cheating on me, any burp suite could help me out? Amy
Hi, I saw the new IResponseVariations API... They are great! To increase the power of these new APIs, it would be great to be able to add custom attributes. In this way a user can add an attribute and write his own code...
The "Session handling action editor" has a dropdown menu with two options to "Define behavior dependent on session validity": - Prompt for in-browser session recovery - Run a macro I would like to see "Invoke a Burp...