Burp Suite User Forum
A new check should be introduced to passive scanner which will monitor all the requests and report if any of the input parameters get reflected in the response. This will be very useful in determining which parameters to...
Hi, I'd love to see mentioned features implemented for pentesting WebSockets. Those features would be useful for testing both WS client and server. Also it would save me some time writing my own set of...
It would be nice to have a find and replace within intruder, saving the tester from burp <-> notepad copy & paste kung foo. Sometimes the HTTP requests are so massive that makes impossible to set each entry point one by one.
I would like for repeater to not move the location of tabs when selecting new repeater tabs. This occurs when the user has a large number of repeater tabs open (which happens to me when testing API calls where we make one...
Target > Site map > expand tree. 1. Select a grey link that has not been visited. Right click. Instead of Copy URL, add option to Open URL. 2. Select multiple links that have not been visited. Right click. Instead...
Url encoding, would be nice if two options exist; one that encodes everything. and one that encodes just the characters that are necessary. I keep seeing apps that are microsoft stacks that seem to dislike characters that...
Actually the parameter separator is the & symbol, but sometimes the applications use different character as parameter separators, for example a lot of tomcat applications use the | character. It could be very very useful...
I would like to have a native function to hide huge viewstates from ASP.NET web applications. Or even better, if it could be possible to toggle the visibility for any variable
Hi, I have written some custom extensions using both the java API and jython. Typically, it is for things like setting custom headers. While they work (they do send the custom headers) it's hard to see exactly what was...
Would it be possible for Burp Suite to properly format XML requests in the 'Params' tab? Cheers.
I would like to set up redirection in scanner in the same way as intruder/repeater. Scanner can only set up valid/invalid. (It is the check box "Follow redirections where necessary")
When I use intruder, I have to set up payload and "Grep - Match" each time. So I would like to set up them same time.
When configuring a macro item, each parameter's value has the option of "Use preset value" or "Derive from prior response". I'd like the capability to load a parameter's value from a file at runtime by specifying a...
Two items to request (both mentioned in former user forum): 1. Multiple decoder tabs (self-explanatory) 2. Clipboard context menu within the input field. This seems simple enough, but essentially this will give users...
To minimize switching between Burp and other tools for crypto-analysis, add more options to Burp's Decoder. Here are a few suggestions: - keyed algorithms (DES, 3DES, AES, XOR, ROTn, etc) - Anything OpenSSL enc/dec...
When using Intruder/Repeater with "Post Request Macro" and setting "Pass back to the invoking tool:" = "The final response from the macro", Intruder/Repeater only show the pair of "the final request sent by Post Request...
Hi Team, I am Takeshi Sato from Japan. I am always using burp on my work so I have some feature requests. First request is regarding intruder. When I am using intruder, I often change the payload and I have to change...
Target > Site map > right click on target URL > Engagement tools: Find comments - should auto start Find scripts - should auto start Find references already does this.
I was working through the Pentester Lab: Web For Pentester (https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/) SQL injections, and the Example 2 injection rejects all inputs with spaces in them. Using TAB...
The following section: Options > Connections > Out-of-Scope Requests should be moved to Target Scope.
Page 63 of 64
Your source for help and advice on all things Burp-related.