Content Discovery Improvements

Isaac | Last updated: Oct 26, 2022 04:09PM UTC

Hi, I raised this issue a year or two back (don't recall the outcome, but it is not yet a feature) and wanted to raise it and one other again. The Content Discovery feature produces too much noise in its default configuration, and does not provide the level of configuration granularity that I would like. I recommend adding the following:

1) A way of manually removing tasks for the Queued Tasks section once a session has started. The whole use case for this feature arises from a lack of knowledge of a target's content/directory structure. Because of this, a user may opt to configure their session to maximize the results (e.g., using large and diverse wordlists, enabling all of the config options in Content Discovery, setting recursive search to the default 16 directories). However, doing this will almost certainly result in the tool going down a rabbit hole searching directories that are clearly not real. For example, running the tool with the default settings and built-in wordlists will often lead to searching of:

/.
/./.
/././.
/./././.
/././././.
etc.

As it stands now, there is no way to fix this behavior after the session has started (to my knowledge). So a user is left to either let the session run through a search space that is not "real" or to stop the session, reconfigure, and start again. Usually when this happens, I just go use one of the less powerful tools for forced browsing that are out there.

2) The ability to set default Content Discovery configs. I almost always use the same wordlists and the same session configurations, and these are not the defaults. Lots of wasted time just configuring the thing how I want it. A user-definable default would be awesome.

Please let me know if anything is unclear. I can provide illustrative screenshots if that would be helpful. Thanks!

P.S. If I'm not using some best practice or something, then please do let me know. Also, if any other users read this and agree with my recommendations, please reply :)

Liam, PortSwigger Agent | Last updated: Oct 27, 2022 11:32AM UTC

Hi Isaac. Thanks for the update on your requirements. We haven't been able to look at this area of Burp as we've been busy developing other areas of the product. I've added your request to a discussion next week to find out where it might fit in a future roadmap.

Liam, PortSwigger Agent | Last updated: Nov 08, 2022 12:57PM UTC

Hi Isaac. It seems more likely that we will revamp this area of Burp as part of a larger piece of work. Unfortunately, we won't be able to provide this feature in the short term.

