Feature Requests - Page 7 - Burp Suite User Forum

Selection on Inspector

When selecting text on repeater, on inspector it shows the number of bytes. It would be helpfull to see the number of bytes also in Dec but also in Hex. In particular when performing http smuggling attacks (transfer...

Burp Collaborator Mobile App

Dreamtime / blue sky request :-D Sometimes I'm in a situation where burp is installed on a machine that's not internet connected, but I'd still like to use the collaborator. It would be awesome if there could be a mobile...

License Installation Limit

Hello, I have reached my license limit. I have activated the license in several VMs on my personal computer. If possible I'd require an additional activation.

Account 2FA BYPASS

Can anyone tell me how to bypass mega account recovery key it is important to me it has 10 bitcoin in it whoever securely bypass it I give 2 bitcoin to it.

Burp Collaborator question

hi, Does Burp Suite Enterprise Edition support the use of a private Burp Collaborator? and how could it be used? thanks!

Providing UDP source ports in Burp Collaborator

Is it possible to provide UDP source ports of DNS queries via the IBurpCollaboratorInteraction interface? This would allow to easily analyze the randomness of used source ports, which makes it possible to find...

Intruder payload defaults for integers

Hey, I often want to bruteforce IDs, specifically integers. I use the `Numbers` payload in Intruder. But it requires the following configuration: - Min/max integer digits - Min/max fraction digits This means every...

Enterprise - Integration with ServiceNow

Please create a two-way integration for ServiceNow. You can see an ideal integration here, https://www.netsparker.com/support/integrating-netsparker-enterprise-servicenow/ Notice the availability for the SN ticket to...

Add OAuth2 Support for Burp Professionnal Edition or else

Hi everyone, I've seen that "OAuth" is not on your "prior list" and i don't understand why. Everything is an API at the moment, it should be on your prior list to add this feature. Actually i need to test 2 privates...

Split screen for proxy history

It would be very handy in my opinion to have the proxy history splitted sometimes, to compare login request flows.

Burp Suite Enterprise REST API Scanning

Hi, We are attempting to use Enterprise's REST API Scanning feature. We understand the published limitations, which do not allow for Authorization or Additional headers to be specified in the OpenAPI Specification....

False Positive - Add Comment

I'd like to be able to add a comment for why an issue has been marked as a false positive. I'd like those comments to be available to be included in scan reports as well.

Request and Response Timings in proxy history and site map

OWASP ZAP shows the RTT in the request history which makes it very easy to manually test and spot potential timing based attacks. I know these timings can been tested / seen in the repeater and intruder... but knowing which...

Rename Intruder attacks saved to project

It's really useful to save some intruder attacks to the project file. However, without a way to name them on the dashboard, it can be hard to find the correct one. I know you can name intruder tabs, but this name doesnt seem...

auto replace websocket request messages

hello best app ever is there anyway to auto replace websocket request messages ? or if there are any extension do that can someone show us how :D

deletion

Please delete my account

Decoder - URL and HTML encode special characters only

Can you please add the ability to Decoder to encode the special URL and HTML characters only? The need to do this comes up quite often during application testing. For example, when looking at the first lab of the burp...

BurpSuite Certified Practitioner exam

Hello Team, This is Himanshu. I have purchased a burp suite certified practitioner exam on 5th oct 2021. Can i give the exam tomorrow i.e; on 5th oct 2022 or 4th oct 2022 is the last day to give exam.? Thank...

Possibility to filter out HTTP-status code in the "Content discovery"

Hi I would like to suggest inclusion of a new function: the possibility of excluding some HTTP-status codes in the responses in the "Content discovery" tool. I see that some sites like to "bounce you back" with 301s. You...

Please bring "Delete item(s)" to Intruder back!

The "Delete item(s)" item submenu feature in Intruder is missing for a lot of time now. E.g., version 2020.6 still has it, but from that version to today somewhere in the middle it was removed. Newer version cannot delete...