Burp Suite User Forum

Reflected input monitor for passive scanning

A new check should be introduced to passive scanner which will monitor all the requests and report if any of the input parameters get reflected in the response. This will be very useful in determining which parameters to...

Last updated: May 15, 2015 08:20AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Repeater and intruder for pentesting WebSockets

Hi, I'd love to see mentioned features implemented for pentesting WebSockets. Those features would be useful for testing both WS client and server. Also it would save me some time writing my own set of...

Last updated: May 13, 2015 01:08PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Find and replace in intruder

It would be nice to have a find and replace within intruder, saving the tester from burp <-> notepad copy & paste kung foo. Sometimes the HTTP requests are so massive that it is impossible to set each entry point one by one.

Last updated: May 11, 2015 12:31PM UTC | 1 Agent replies | 2 Community replies | Feature Requests

Repeater UI - Fixed Placement of Tabs

I would like for repeater to not move the location of tabs when selecting new repeater tabs. This occurs when the user has a large number of repeater tabs open (which happens to me when testing API calls where we make one...

Last updated: May 11, 2015 09:19AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Open multiple links in a browser

Target > Site map > expand tree. 1. Select a grey link that has not been visited. Right click. Instead of Copy URL, add option to Open URL. 2. Select multiple links that have not been visited. Right click. Instead...

Last updated: May 06, 2015 05:10PM UTC | 0 Agent replies | 1 Community replies | Feature Requests

encoder stuff

URL encoding: it would be nice if two options existed, one that encodes everything and one that encodes just the characters that are necessary. I keep seeing apps that are Microsoft stacks that seem to dislike characters that...

Last updated: Apr 28, 2015 12:39PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Configure the parameter separator on GET and POST responses

Actually the parameter separator is the & symbol, but sometimes the applications use a different character as the parameter separator, for example a lot of Tomcat applications use the | character. It could be very very useful...

Last updated: Apr 28, 2015 10:02AM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Hide viewstate

I would like to have a native function to hide huge viewstates from ASP.NET web applications. Or even better, if it could be possible to toggle the visibility for any variable

Last updated: Apr 24, 2015 09:59AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

API to update Requests as presented in UI in Proxy, Repeater, etc.

Hi, I have written some custom extensions using both the Java API and Jython. Typically, it is for things like setting custom headers. While they work (they do send the custom headers) it's hard to see exactly what was...

Last updated: Apr 22, 2015 08:29AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

XML formatting

Would it be possible for Burp Suite to properly format XML requests in the 'Params' tab? Cheers.

Last updated: Apr 20, 2015 08:47AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

In scanner, Setting a configuration of redirection

I would like to set up redirection in scanner in the same way as intruder/repeater. Scanner can only set up valid/invalid. (It is the check box "Follow redirections where necessary")

Last updated: Apr 07, 2015 08:39AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

In intruder, setting up payload with "Grep - Match"

When I use intruder, I have to set up the payload and "Grep - Match" each time. So I would like to set them up at the same time.

Last updated: Apr 07, 2015 08:37AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Load Macro Parameter from File

When configuring a macro item, each parameter's value has the option of "Use preset value" or "Derive from prior response". I'd like the capability to load a parameter's value from a file at runtime by specifying a...

Last updated: Apr 03, 2015 06:07PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Decoder enhancements - user interface

Two items to request (both mentioned in former user forum): 1. Multiple decoder tabs (self-explanatory) 2. Clipboard context menu within the input field. This seems simple enough, but essentially this will give users...

Last updated: Apr 02, 2015 10:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Decoder enhancements - algorithms

To minimize switching between Burp and other tools for crypto-analysis, add more options to Burp's Decoder. Here are a few suggestions: - keyed algorithms (DES, 3DES, AES, XOR, ROTn, etc) - Anything OpenSSL enc/dec...

Last updated: Apr 02, 2015 10:50AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Showing Current Request with the Last Response from the Macro

When using Intruder/Repeater with "Post Request Macro" and setting "Pass back to the invoking tool:" = "The final response from the macro", Intruder/Repeater only show the pair of "the final request sent by Post Request...

Last updated: Apr 02, 2015 09:06AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Feature Request - intruder/scanner

Hi Team, I am Takeshi Sato from Japan. I am always using burp on my work so I have some feature requests. First request is regarding intruder. When I am using intruder, I often change the payload and I have to change...

Last updated: Apr 01, 2015 10:21PM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Auto start certain Engagement tools

Target > Site map > right click on target URL > Engagement tools:
- Find comments - should auto start
- Find scripts - should auto start
- Find references already does this.

Last updated: Mar 12, 2015 03:52PM UTC | 2 Agent replies | 0 Community replies | Feature Requests

Add tests for SQL injection with Tabs rather than Spaces?

I was working through the Pentester Lab: Web For Pentester (https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/) SQL injections, and the Example 2 injection rejects all inputs with spaces in them. Using TAB...

Last updated: Mar 09, 2015 04:15PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Out-of-Scope Requests

The following section: Options > Connections > Out-of-Scope Requests should be moved to Target Scope.

Last updated: Mar 05, 2015 01:58PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Page 63 of 64

Burp Suite Support Center

Your source for help and advice on all things Burp-related.