Feature Requests - Page 7 - Burp Suite User Forum

Extender API for Custom OAST Servers

Collaborator is a great service that has recently had some competition via other OOB tooling in the last few years (interact.sh, canarytokens, etc.) It would be really handy for testing if PortSwigger could add (or...

Burp suite Inspector font change.

Hi team, normally, the Inspector font is not changed in the current version and becomes the default font. Although I have changed the HTTP message font, the "Inspector" font does not change. is this possible in the new...

Tabbed search

I would like to have a single search window and a possibility to perform multiple searches (and leave these open) with a tabbed interface. Preferably with an option in the user options to enable or disable tabbed search....

batch options import/paste

Hey there It would be possible to add a feature to allow batch (via import or just paste) options settings? use case: Need to add lots of domains to the "Intercept Client Requests" option as a intercept if not...

When deploying private burp collaborator, allow ability to add custom DNS records of A type.

Currently as mentioned in the docs: https://portswigger.net/burp/documentation/collaborator/deploying field "customDnsRecords" only allows us to specify optional DNS records of type TXT and CNAME, it makes sense for the...

Font Size - Would like to increase

It would be nice if there was a setting to increase the size of the fonts in tabs like Proxy, Repeater, Intruder, etc. I haven't see this option, but maybe I missed it. I'm using the Community Edition.

Prompt before loading large responses

I frequently see large javascript responses exceeding 3MB. When I click on one of these, my instance of Burp freezes for around 20 seconds. Sometimes this click is accidental, or sometimes I simply don't notice the size of...

Burp Scanner - Change Severity to False Positive

I thought I had previously submitted this under a Feature Request user forum, but later wasn't able to find it in any forum, so I'm posting again. If this ends up as a duplicate posting, my apologies. When resetting the...

Feature request regarding Burp's "Turbo Intruder" extension.

Naturally "Turbo Intruder" feels like native feature of Burp proxy. And I've found it strange that we can not specify multiple injection points within a single request. (using "%s" symbol) Kind regards, your fellow...

Using intruder and clusterbomb

I'm not sure what the reason is but when I try and used intruder and clusterbomb the 997 out of 998 of the domains said "INVALID". Is there something I'm doing wrong with the settings?

Do I need Burp Professional license to take Portswigger Academy course?

Hi, I have a doubt. Does Burp Suite get better performance to solve Portswigger Academy labs ? I've been taking the Portswigger Academy (using burp suite community license), but some of the labs take too long to...

Maintain selection state

When using any module of burp that has a list of request/response items (so most modules), when you select one (or many) and then perform an action like highlighting, commenting, etc, burp then UNselects anything that was...

Add tabname to "sendToIntruder"

Hi, function "void sendToRepeater(String host, int port, boolean useHttps, byte[] request, String tabCaption);" has a "tabCaption", but the function "sendToIntruder" doesn't have it. Is it possible to add? It will be...

Support global variables

There are extensions that have some support for variables, but they seem like overkill for handling only variables. I can also achieve some of this with Session Handling Rules in Proxy Options, but it is not as easy when...

CSRF Token Bypass

I really need to bypass CSRF token. in my case every time i request, the CSRF will generate new token in the header. so the next request in repeater i need to put the new csrf. i tried to use macro but support said its for...

Reset license count

Hi Team, I installed the Burp License in an old laptop, which I no longer use and want to install the license on a newer laptop. Can you please reset the count so that I can proceed with the installation on the newer...

HTTP history column preferences

Hello, First off this is a truly awesome product, keep up the great work! I was wondering if there was a way to save the preferences of column order view in the HTTP history tab under Proxy. I often like to drag the...

More Granularity For "Filter by status code" Setting

Within HTTP history, you can currently filter by 2xx, 3xx, 4xx, and 5xx. This feature isn't useful because I typically want to see 200, 301/302, 4xx, and 5xx responses - but I don't want to see 201 No Content, 304 Not...

reset all my solved labs

Web Security Academy

I am learning how to perform blind SQL injection in Web Security Academy Labs, in some of them i need to retrieve administrator's password which is "20" character long and doing it manually(using intruder) is not fine. I...