Burp Suite User Forum
Actually the parameter separator is the & symbol, but sometimes the applications use different character as parameter separators, for example a lot of tomcat applications use the | character. It could be very very useful...
I would like to have a native function to hide huge viewstates from ASP.NET web applications. Or even better, if it could be possible to toggle the visibility for any variable
Hi, I have written some custom extensions using both the java API and jython. Typically, it is for things like setting custom headers. While they work (they do send the custom headers) it's hard to see exactly what was...
Would it be possible for Burp Suite to properly format XML requests in the 'Params' tab? Cheers.
I would like to set up redirection in scanner in the same way as intruder/repeater. Scanner can only set up valid/invalid. (It is the check box "Follow redirections where necessary")
When I use intruder, I have to set up payload and "Grep - Match" each time. So I would like to set up them same time.
When configuring a macro item, each parameter's value has the option of "Use preset value" or "Derive from prior response". I'd like the capability to load a parameter's value from a file at runtime by specifying a...
Two items to request (both mentioned in former user forum): 1. Multiple decoder tabs (self-explanatory) 2. Clipboard context menu within the input field. This seems simple enough, but essentially this will give users...
To minimize switching between Burp and other tools for crypto-analysis, add more options to Burp's Decoder. Here are a few suggestions: - keyed algorithms (DES, 3DES, AES, XOR, ROTn, etc) - Anything OpenSSL enc/dec...
When using Intruder/Repeater with "Post Request Macro" and setting "Pass back to the invoking tool:" = "The final response from the macro", Intruder/Repeater only show the pair of "the final request sent by Post Request...
Hi Team, I am Takeshi Sato from Japan. I am always using burp on my work so I have some feature requests. First request is regarding intruder. When I am using intruder, I often change the payload and I have to change...
Target > Site map > right click on target URL > Engagement tools: Find comments - should auto start Find scripts - should auto start Find references already does this.
I was working through the Pentester Lab: Web For Pentester (https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/) SQL injections, and the Example 2 injection rejects all inputs with spaces in them. Using TAB...
The following section: Options > Connections > Out-of-Scope Requests should be moved to Target Scope.
Every time the Burp is started, the previous Target - Scope and the Target Filter are reset.
Hi, result: huge state file. why? huge static web application with few dynamic pages New feature on the save state wizard: Exclude static content / export dynamic content only Exclude by file extension Thanks in...
I do not believe this is possible today but I would like if there was an option "Add to scope" as one of the options under "Action" when intercepting packets. Thanks!
During an engagement I will work with and save multiple states. Once I load or save a state I would like Burp to display the current state loaded. I tt would make it easier to manage all the various files. It would also...
Please see this post about the risks of using PHP function extract() improperly: http://davidnoren.com/2013/07/03/php-extract-vulnerability/ At the end of the post are a few ideas on how to test for it. Unsure if those...
Scanner > Scan queue > sort by URL. Need a way to right-click and say "Remove Duplicates".
Page 67 of 68
Your source for help and advice on all things Burp-related.