Burp Suite User Forum

Collaborator Server Version

Hi, While doing a Health Check on the Collaborator Server it would help if it returned the Version #. Especially for making sure a Private Server is up to date. Thanks

Last updated: Sep 22, 2015 07:48AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Duplicate entries in scan queue

Why does Burp make duplicate entries with a status of "waiting" in the scan queue? It seems trivial to scan the list in code prior to the addition of a new URL and to not add it if there is already one there. I am requesting...

Last updated: Sep 18, 2015 08:03AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Use Other Burp Instance on Different Port as an Upstream Proxy to see Scanner requests

If I want to see what requests are being sent by the scanner, I usually run another Burp proxy instance and set my upstream proxy to it. That way, when I look at the proxy history tab of that other Burp proxy instance, I'd be...

Last updated: Sep 15, 2015 10:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Burp Testing Methodologies

Findings should include links to relevant Burp Testing Methodologies: https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1

Last updated: Sep 14, 2015 03:42PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Session handling rule action - replace part of request

Hi, I'd like to propose a new session handling rule action that would basically replace any part of a request with a predefined constant. Just like s/const1/const2/g in vi would do. Thanks, PSi

Last updated: Sep 14, 2015 12:28PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Additional step for scanner options when launching active scanner.

It would be awesome to have an additional step when launching an active scan, for configuring which parameters we want to scan without having to mess with the general config. For example: Let's say that for this...

Last updated: Sep 14, 2015 11:48AM UTC | 2 Agent replies | 4 Community replies | Feature Requests

"onmouseover="prompt(1);"

"'><li onmousover=alert(1)>xxx</li>

Last updated: Aug 28, 2015 01:06PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Is there any new vulnerability introduced?

Is there any new vulnerability introduced apart from the OWASP Top Ten?

Last updated: Aug 10, 2015 08:02AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

setting case sensitivity option

When I'm sure I'm testing Windows environment and it doesn't matter on sensitivity, would it be possible to introduce an option where this could be turned on? I noticed that e.g. in Target Analyzer -> Parameters you are...

Last updated: Jul 31, 2015 01:17PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Save All Repeater Tabs in State File

See bug report here for context: https://support.portswigger.net/customer/portal/questions/11548096-not-all-repeater-tabs-saved-restored-via-state-file I send requests to Repeater as I explore an application, and go back...

Last updated: Jul 22, 2015 07:13PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Feature request (other ssl/tls protocol support)

What would complement this great tool is the ability to support other protocols that run on SSL/TLS, like secure SMTP and secure IMAP. There are other proxy-like tools out there for these protocols, yet none of them provide...

Last updated: Jul 21, 2015 07:48PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Intercept Queue

Would it be possible to add a "Queue" to the Intercept tab? This would show the requests/responses queued to be intercepted and they would be removed from the queue after they are intercepted. On occasions where there are...

Last updated: Jul 19, 2015 01:46PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add "Close All Tabs" button to the Repeater

In the repeater tab, I would like a “close all tabs” button. In the Mac-look-and-feel-GUI; if you click the X, the tabs auto-adjust slightly to re-center. Thus, you click X and move the mouse. Repeat 52 times (yes, I had...

Last updated: Jul 08, 2015 10:43AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

ASP.NET ValidateRequest bypass + tuning

According to my experience Burp Suite doesn't check for this type of ValidateRequest filter bypass: http://www.jardinesoftware.net/2011/07/17/bypassing-validaterequest/ Would it be possible to add this to the...

Last updated: Jul 08, 2015 08:02AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Hide from view based on MIME type

Hi, recently I came across a web server where certain categories of files (images, CSS) had a filename of the format "_x-y" with no extension, where x and y are alphanumeric values of varying length,...

Last updated: Jul 06, 2015 12:29PM UTC | 0 Agent replies | 1 Community replies | Feature Requests

Match -> Match/Replace.

I would like to beg this request again, as there is a need for this feature. Here is the use case. I would like to be able to Match/Replace based on matching a different value. I have been told to write it myself, but that...

Last updated: Jul 03, 2015 07:06PM UTC | 1 Agent replies | 2 Community replies | Feature Requests

Provide option to pass unaltered response back to client

Recently we conducted an application assessment for an android application. The application communicated using gzip / deflate content encoding. Burp Suite was initially configured to unpack gzip/deflate encoded traffic via...

Last updated: Jun 29, 2015 10:11AM UTC | 1 Agent replies | 2 Community replies | Feature Requests

Burp Proxy Features - Replay Request

Hi, I would like to propose the following features in Burp. 1) Burp loads default profile: Burp should allow users to specify the default template location. 2) Requests Replay: We would like to feed the requests...

Last updated: Jun 20, 2015 07:46AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Burp signed SSL certificates throw warning in Chrome

When Burp generates CA-signed per-host certificates, Google Chrome marks these sites as having "Weak Security configuration (SHA-1 signatures), so your connections may not be private. Screenshot:...

Last updated: Jun 11, 2015 08:03AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

UI - Scanner:Results - tag resolved findings

Hi, I would love to be able to tag findings as 'already worked on and resolved' or 'read'. Helps in case I go through findings while the active scan is still on (reason being lack of time). In current state new findings are...

Last updated: Jun 10, 2015 11:23AM UTC | 1 Agent replies | 0 Community replies | Feature Requests
