Burp Suite User Forum
Recently we conducted an application assessment for an android application. The application communicated using gzip / deflate content encoding. Burp Suite was initially configured to unpack gzip/deflate encoded traffic via...
Hi I would like to propose the following features in Burp. 1) Burp loads default profile:- Burp should allow users to specify the default template location. 2) Requests Replay :- We would like feed the requests...
When burp generates CA-signed per-host certificates, Google Chrome marks these sites as having "Weak Security configuration (SHA-1 signatures), so your connections may not be private. Screenshot:...
Hi, I would love to be able to tag findings as 'already worked on and resolved' or 'read'. Helps in case I go through findings while the active scan is still on (reason being lack of time). In current state new findings are...
I would like to have possibility to: - assign keyboard shortcuts to more actions, e.g.: in Scanner:Results - set Severity, Confidence level (I would use numkeys) - use global windows shortcut for some actions (e.g....
I'm somewhat disappointed. I conducted an nessus scan on a host, without entering any information. It found an XSS. When I did an active scan of the same host with Burp, Burp did not. It is a really easy to find XSS. I'm...
Hi, I would like selected tab persistence when browsing through findings (exactly like in Proxy tab) - I select tab Response and it stays the selected one when I click on a different finding. A small thing, would help a lot...
A new check should be introduced to passive scanner which will monitor all the requests and report if any of the input parameters get reflected in the response. This will be very useful in determining which parameters to...
Hi, I'd love to see mentioned features implemented for pentesting WebSockets. Those features would be useful for testing both WS client and server. Also it would save me some time writing my own set of...
It would be nice to have a find and replace within intruder, saving the tester from burp <-> notepad copy & paste kung foo. Sometimes the HTTP requests are so massive that makes impossible to set each entry point one by one.
I would like for repeater to not move the location of tabs when selecting new repeater tabs. This occurs when the user has a large number of repeater tabs open (which happens to me when testing API calls where we make one...
Target > Site map > expand tree. 1. Select a grey link that has not been visited. Right click. Instead of Copy URL, add option to Open URL. 2. Select multiple links that have not been visited. Right click. Instead...
Url encoding, would be nice if two options exist; one that encodes everything. and one that encodes just the characters that are necessary. I keep seeing apps that are microsoft stacks that seem to dislike characters that...
Actually the parameter separator is the & symbol, but sometimes the applications use different character as parameter separators, for example a lot of tomcat applications use the | character. It could be very very useful...
I would like to have a native function to hide huge viewstates from ASP.NET web applications. Or even better, if it could be possible to toggle the visibility for any variable
Hi, I have written some custom extensions using both the java API and jython. Typically, it is for things like setting custom headers. While they work (they do send the custom headers) it's hard to see exactly what was...
Would it be possible for Burp Suite to properly format XML requests in the 'Params' tab? Cheers.
I would like to set up redirection in scanner in the same way as intruder/repeater. Scanner can only set up valid/invalid. (It is the check box "Follow redirections where necessary")
When I use intruder, I have to set up payload and "Grep - Match" each time. So I would like to set up them same time.
When configuring a macro item, each parameter's value has the option of "Use preset value" or "Derive from prior response". I'd like the capability to load a parameter's value from a file at runtime by specifying a...
Page 65 of 66
Your source for help and advice on all things Burp-related.