Feature Requests - Page 7 - Burp Suite User Forum

Feature request regarding Burp's "Turbo Intruder" extension.

Naturally "Turbo Intruder" feels like native feature of Burp proxy. And I've found it strange that we can not specify multiple injection points within a single request. (using "%s" symbol) Kind regards, your fellow...

Double click on Request or Response tab in the Target View for full screen view

When I double click on the Request or Response tab in the Target View, I would like to see this tab in full screen to better read the contents.

Option to ask to keep previous settings during upgrade

I'm using latest version of BurpSuitePro executable on windows 10 system on an external monitor with 125% scaling. In order for BurpSutePro to scale properly on my computer I have to modify the C:\Program...

Web Server/Application Analyzer

Hi, I know there are some extentions that analyze http headers and contents (like vulnerability software reporter or http headers analyser), but what about a built-in analyzer to adapt burp payloads/engine to web...

Burp Repeater Request

Hi there, For the burp repeater, is there a way to show the request vertically instead of horizontally, just like owasp zap proxy. Request Response instead of Request | Response. On top of which, is it possible...

Feature request regarding the Lab.

If I may request a "Prototype Pollution" category for our Lab. Naturally PortSwigger stays ahead of competition, and is always on point with it's research, and because of that reason I've found it strange that such popular...

Slow Loris Test in BURP?

Hello, Do you think you will add a Slow Loris Test feature ? Regards

Pre-defined extension list

Hi, I don't know if it has been suggested before, but a nice feature would be some way to load some extensions by default (like a whitelist/allowlist). Like I would to load by default "content type converter", "logger++"...

Target Site in the Intruder

Hi, Is it possible to add the option to change the target site in the intruder, to be able to set a payload set for it as well?

Macro - Define custom parameter

Hi, Today for the first time I needed to use the macro feature in Burp. Together with a college we’ve puzzelt a bit while we were reading an access_token from a oAuth POST response that we needed to be added into a...

Postgres 11 support

Teradici is currently looking to migrate from PSql 9.6 to 11. I noticed in your documentation that you only support up to 10. Is there a timeline to move to 11?

Please allow embedded browser settings to be saved.

This has been brought up by others but I feel the need to amplify the message. Having to manually change settings and reinstall uBlock origin (at the very least) is unacceptably prohibitive. It's certainly less of a pain to...

Using both FQDN and IP at the same time for Collaborator

Would it be possible to add support for 2 Collaborator servers at the same time? Or rather having 1 server but being able to say that payloads should be tried for both domain name, as well as IP address? Sometimes our...

Cannot adjust severity ratings for Burp Enterprise

I am unable to find a way in the UI to change the severity ratings. It would be beneficial to have a way to adjust a rating depending on the validation of a finding manually.

Preview SVG Responses

The subject says it all. When there's a response with the following content type, it would be great to be able to see a preview with the embedded Chromium browser. Content-Type: image/svg+xml Thanks!

Proxy - > HTTP History: Remember the columns custom order

Hi, Please consider retaining/remember across project saved options the columns custom order. Personally, I do find very less appealing the effort I have to invest to manually order the current columns as I want to see...

Is it possible to make intruder payload based on the previous response?

Hello, I have 7 different payloads for 1 position The intruder needs to define conditional previous response, after that the payload will choose 1 from the 7 different payloads to the current post request. Is it...

Searching Web-socket History

Hi team, I was testing a Javascript application that made Websocket requests. I was trying to search sensitive parameters/calls in WebSocket history. They were making calls to update using values to the server using...

match and replace for the websocket

Possible to add a match and replace for the websockets? Someone made a plugin for it in the past, but isnt working anymore.

Split pane view in "HTTP History" tab

The HTTP History tab would be improved by providing the option to have split panes for request and responses (i.e. like the Repeater tab). Doing so would make it cleaner and easier to scroll through request and response...