Feature Requests - Page 67 - Burp Suite User Forum

Hide viewstate

I would like to have a native function to hide huge viewstates from ASP.NET web applications. Or even better, if it could be possible to toggle the visibility for any variable

API to update Requests as presented in UI in Proxy, Repeater, etc.

Hi, I have written some custom extensions using both the java API and jython. Typically, it is for things like setting custom headers. While they work (they do send the custom headers) it's hard to see exactly what was...

XML formatting

Would it be possible for Burp Suite to properly format XML requests in the 'Params' tab? Cheers.

In scanner, Setting a configration of redirection

I would like to set up redirection in scanner in the same way as intruder/repeater. Scanner can only set up valid/invalid. (It is the check box "Follow redirections where necessary")

In intruder, setting up payload with "Grep - Match"

When I use intruder, I have to set up payload and "Grep - Match" each time. So I would like to set up them same time.

Load Macro Parameter from File

When configuring a macro item, each parameter's value has the option of "Use preset value" or "Derive from prior response". I'd like the capability to load a parameter's value from a file at runtime by specifying a...

Decoder enhancements - user interface

Two items to request (both mentioned in former user forum): 1. Multiple decoder tabs (self-explanatory) 2. Clipboard context menu within the input field. This seems simple enough, but essentially this will give users...

Decoder enhancements - algorithms

To minimize switching between Burp and other tools for crypto-analysis, add more options to Burp's Decoder. Here are a few suggestions: - keyed algorithms (DES, 3DES, AES, XOR, ROTn, etc) - Anything OpenSSL enc/dec...

Showing Current Request with the Last Response from the Macro

When using Intruder/Repeater with "Post Request Macro" and setting "Pass back to the invoking tool:" = "The final response from the macro", Intruder/Repeater only show the pair of "the final request sent by Post Request...

Feature Request - intruder/scanner

Hi Team, I am Takeshi Sato from Japan. I am always using burp on my work so I have some feature requests. First request is regarding intruder. When I am using intruder, I often change the payload and I have to change...

Auto start certain Engagement tools

Target > Site map > right click on target URL > Engagement tools: Find comments - should auto start Find scripts - should auto start Find references already does this.

Add tests for SQL injection with Tabs rather than Spaces?

I was working through the Pentester Lab: Web For Pentester (https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/) SQL injections, and the Example 2 injection rejects all inputs with spaces in them. Using TAB...

Out-of-Scope Requests

The following section: Options > Connections > Out-of-Scope Requests should be moved to Target Scope.

Every time the Burp is started, the previous Target - Scope and the Target Filter are reset.

save state wizard. (Exclude static content, Exclude by file extension)

Hi, result: huge state file. why? huge static web application with few dynamic pages New feature on the save state wizard: Exclude static content / export dynamic content only Exclude by file extension Thanks in...

Ability to Add to Scope from Proxy Intercept Tab

I do not believe this is possible today but I would like if there was an option "Add to scope" as one of the options under "Action" when intercepting packets. Thanks!

State Management - Display the current State

During an engagement I will work with and save multiple states. Once I load or save a state I would like Burp to display the current state loaded. I tt would make it easier to manage all the various files. It would also...

PHP extract() vulnerabilities

Please see this post about the risks of using PHP function extract() improperly: http://davidnoren.com/2013/07/03/php-extract-vulnerability/ At the end of the post are a few ideas on how to test for it. Unsure if those...

Remove duplicates

Scanner > Scan queue > sort by URL. Need a way to right-click and say "Remove Duplicates".

Automatically add repeater results to the site map

Hello, It would be nice if an option could be added to automatically add the repeater results to the site map. I work quite a lot with the repeater and it could be nice to have a direct access to search and other...