Burp Suite User Forum
Although extensions can perform active and passive scans, AFAIK they have no access to collaborator, thus cannot verify out-of-band interaction. Am I mistaken? If no, it would be a great thing to have.
It is often needed to orchestrate or time (as in timing) a sequence of requests in relation to one another. Simple Examples: 1) Send Request '1' 2) Wait 1 second 3) Send Request '2' This is hard to do manually...
The platform auth is removed from the header shown in the proxy tab (also you see only one request). It would be useful to see these headers and the full request to understand when the auth is done...
It would be nice if the payloads get automatically loaded from custom file when invoking sendToIntruder method and API method to disable URL encode these characters through API. Thereby launching the attack through API
It would be a nice little feature for manual testing if burp would show a warning in the browser, when leaving the configured scope while browsing a site. The warning should only be displayed in the browser and give a...
It'd be a neat feature if burp would have some sort of "Workbench", where one could send requests to that one wants to inspect later. I often find myself in a situation where I'm quickly checking autoscan results and...
I have been using Burp for many years and appreciate all the updates and features. One feature/bug that has been bugging (pardon the pun) me is when one restores a previous Burp state, the Issues column in the scan queue...
Currently, a session handling rule running a post-request macro can pass back to the invoking tool either: - the response from the current request - the final response from the macro In multi-step work-flows, it is...
L.S. I use Burp Suite to log browser activity for a long period. Within the log on disk and on the HTTP history only the time of a request/response, not the date, is logged. Could you please also log the date in a...
Does Burp Suite or any of its add-ons support checks for NoSQL databases?
Would like to add this feature - where there is an error - say network issue that has made the scan to stop - in that case, we would like to have an audible alert. This would help the user to focus his attention on other tasks...
Filter bypass options for the scanner would be useful. Just from a SQLi perspective, it would be great if I could have radio buttons that could enable SQLmap tamper script style payload modification options such as...
I hope it doesn't take much work to add this feature to the current version. It would really be helpful if you can just right click on any parameter and add them to the exclude list of scanner rather than doing a copy and...
I would like to ask for a feature that would allow me to choose a maximum file size for each log type (much like what I do with tshark for packet capturing). This would force Burp to create a new log file every time the file...
Hi Burp Team, Good day! We have been using active scanner in our CI builds on a regular basis. However, sometimes active scan queue items get stuck/slow/become stale and they appear to make little to no progress for a...
Hi, It would be nice to add to the "Match and Replace" feature of the Proxy Options the possibility to not only add and replace but to encode, or even do the same as with the intruder payload processing (adding rules in a...
Some applications offer a large set of sites that only present different data but are based on the same template. This can result in thousands of pages in the scope that are basically irrelevant. There should be some way...
When I assess the JSON type request, intruder put the add position like below: testparameter=${"user":"admin","password": "password00"}$ I would like to put the target position like...
When running an attack with intruder, particularly a Sniper attack with number payload, it would be good if in the Payload field, the base request (request ID 0) displayed what the contents were between the $$ symbols. At...
Can you add the ability to: a) Do things without confirmation if I so want? Clear History for example, close Burp for another. And generally do think of other common tasks and add the ability to do things with keyboard...