Burp Suite User Forum

An option to copy highlights and comments from sitemap to proxy history

Alex | Last updated: Nov 10, 2020 06:36PM UTC

Rationale: I am one of those who test web applications interactively, rather than navigating through the whole application and testing each item in the sitemap after that. During testing I add comments in the sitemap to some endpoints, like "TODO: IDOR", "File Upload", "Check this". Additionally, I highlight some endpoints in the sitemap, for example those that I have fuzzed. After I navigate through the whole application, I go to the sitemap to see the endpoints that are left to check.

To follow this approach, currently, for every endpoint that I test, I have to manually find the relevant record in the sitemap and add a comment to it or highlight it, which is tedious. Additionally, it sometimes happens that I test a single endpoint more than once, because I forget that I have already tested it and because I didn't want to look at the sitemap to check whether I tested it or not (which is, again, time consuming).

What I suggest adding is an option to automatically copy highlight colors and comments from the sitemap into the proxy history. With this option enabled, every request that appears in the proxy history checks the highlight color and comment for the same request in the sitemap and copies these values into the proxy history table for this request. This would prevent double-testing the same endpoints and would make it possible to immediately see comments that have been set previously for an endpoint. It would also make it easy to differentiate new/untested endpoints from already tested/unmarked ones.

Additionally, a backward copy option would also be useful: if the user highlights or adds a comment to a request in the proxy history table, it automatically copies the highlight color and comment to the corresponding request in the sitemap. This would save time that would otherwise be wasted on finding the corresponding request manually in the sitemap and adding the highlight color and comment there.

Uthman, PortSwigger Agent | Last updated: Nov 11, 2020 09:06AM UTC

Hi Alex,

Thanks for this request. Have you considered using the filter and search on the sitemap to speed up finding the requests? Additionally, have you taken a look at the BApp Store to see if an extension could help (e.g. Progress Tracker)?

I have raised a feature request for you and we will update this thread if/when it is implemented.

Alex | Last updated: Nov 11, 2020 06:52PM UTC

Hi Uthman,

Thank you for the extension suggestion, I have not tried it before. This extension indeed provides tools similar to those I mentioned in the request. However, display and filter options are limited in comparison to the Proxy tool, and there is no way to see data from this extension in the structured way that the Sitemap offers.

Uthman, PortSwigger Agent | Last updated: Nov 12, 2020 09:00AM UTC

Thanks for the feedback, Alex. We will update this thread with further information if/when the feature is implemented.