Burp Suite User Forum
It would be nice if there was a permanent setting for "in future just copy and skip dialog." Bonus points for hotkeys for original/current session. Thanks for BSP...
Already posted here and then noticed, this is the new way to do it. http://forum.portswigger.net/thread/1686/force-update-check Current situation/problem: Burp only checks for new versions on startup. So when you can...
Every finding should be mapped to OWASP at a minimum. Every effort should be made to also map to WASC Threat Classification v2.0: http://projects.webappsec.org/w/page/13246978/Threat%20Classification
Scanner > Issue definition: Delete: Type index Add: Creation date Add: Modification date
I know there is logging available but this feature would be useful as another column
Potentially a web interface, so that it could sit on a test server as a stub, with the ability to inspect and reject packet history. The ability to only inspect the UI locally makes it limited in usefulness for sitting in...
I am using Burp to check the security level of our web application, but my application usually checks the Referer header. If this header is changed, the session will time out. So, how do I test my web application except for...
Hi, I'm abend. Burp didn't start installing the BApp Store item, because I mistakenly set a bad proxy setting. I want an error log output on the Alerts tab saying that it can't install. Regards
Currently the bit flipper payload can handle ASCII hex or literal values, but often I want to flip bits in a base64 payload. It would be super nice if this were built in!
Using different projects and different Burp instances for each target, with one user license, on the same machine.
For more information see https://support.portswigger.net/customer/portal/questions/12807053-burp-triggers-dns-queries-despite-using-an-upstream-proxy
http://forum.portswigger.net/thread/1117/api-sequencer As per your response for API support for Sequencer, it wasn't on the roadmap back in July 2014. Any updates on when this would be available? On a similar note, do...
I would like to have the option to decode only the special (or non-alphanumeric) characters in a string. This is commonplace in URL parameters. The decoder seems to only decode/encode ALL characters in the string.
The scanner injects the "example.com" domain in a lot of requests. Especially in contact forms it would come in handy to have this customisable to another domain. The solution would be to give a user the option to change...
It would be nice if we could merge results from ongoing scans, similar to static analysis results like Fortify or Checkmarx, such that we don't have to re-look at false positives that have previously been audited as such.
Hi, I have a small, but potentially time saving request: Could you please make the filter input field in the Target and Proxy tabs turn red when a filter is active? This is purely a visible indication to show the user...
Hello, It would be nice to be able to save, copy or move a payload list in intruder. Sometimes I'm doing some tests, I need to add a new payload (try to exploit another variable, etc.) and if it comes before the one I...
Hello, Sometimes I need to compare responses (or requests). Any minor change is interesting. Maybe 95% of the answers are the same (thousands of requests), sometimes length doesn't vary. Hashing will make detecting...
Hi, While doing a Health Check on the Collaborator Server it would help if it returned the Version #. Especially for making sure a Private Server is up to date. Thanks
Your source for help and advice on all things Burp-related.