The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Feature enhancement request to hide uninteresting headers

Marco | Last updated: Apr 27, 2024 10:22AM UTC

First of all, thank you for your fantastic tool, Burp Suite. I would like to ask for improved functionality to hide uninteresting headers. Could you add, in the options or wherever you think is best, a list where you indicate which headers are to be hidden, so that each user can decide what to hide? For cookies, you might also think about replacing their value with a heading, for example “Cookies hidden for better screenshot”. I ask this because many times the cookies come out very verbose, and it is problematic to take screenshots that make sense. Thank you.

Dominyque, PortSwigger Agent | Last updated: Apr 29, 2024 08:34AM UTC

Hi,

Firstly, thank you for your kind words! Secondly, out of interest, would this extension on our BApp Store help with this feature request of yours, or are you after something different? https://portswigger.net/bappstore/9c8ce7d4acf945d9bbf5abab3f77968b

Alex | Last updated: Aug 27, 2024 08:56PM UTC

I was also looking through the forums to see if someone had already suggested this improvement. Hiding headers based on the user's preferences would be so much more flexible and tailored to anyone's needs. This feature in itself is great and I'm really glad PortSwigger added it in the first place!

So, for instance, we still see other uninteresting headers such as Dnt, Sec-Gpc, Te, but I find it a little bit illogical that users would have to mention them here every time and then wait for the dev team to prioritize this rather trivial improvement (i.e. adding hardcoded headers) and then wait for the future release. Moreover, it could also help professionals focus on other important parts of a request and even hide headers that have been tested previously, are known not to be vulnerable to anything, and don't add value to the screenshot needed for a report (e.g. User-Agent, Referer, Origin, Connection, etc.), which would be a case-by-case basis and really help improve readability for everyone.

As for the mentioned extension, that's awesome already and the person did a good job, and I didn't know about it, but it really modifies the visual of the header without hiding it (afaik), so several headers will still take a good part of the screen and get in the way of taking good screenshots. It would be so much more convenient not to switch views and have a flexible list integrated into the already built-in feature that PortSwigger offers.

Dominyque, PortSwigger Agent | Last updated: Aug 28, 2024 01:58PM UTC