Research Academy Daily Swig
My account Customers Account and subscription management About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Hiding "non-interesting" headers in requests

Simko, | Last updated: May 19, 2021 01:42PM UTC

Hi, Creating PoC pictures from Burp properly takes some effort to minimize requests (I know, there is extension for it). Also, on smaller screens (e.g. laptop), one sees the same headers over and over again, which for all intents and purposes, could be hidden/ignored all the time (as they take plenty of space on smaller screens). It would be an awesome feature, if there would be like "filter" showing/hiding specific Headers. For example headers like: "Cache-Control", "Accept-Language", "Origin", "Sec-Fetch-Site", "Sec-Fetch-Mode", "Sec-Fetch-Dest", "Referer", "Accept-Encoding", "Connection", "Content-Length" are usually not interesting when checking requests in Proxy, Target, or Repeater. If there was an option to first pre-define the list of headers which can be hidden, and then (same as Pretty / Raw / \n) toggled on/off, it would introduce much clarity in pentests, or when gathering PoC screenshots from tools, so that all the "uninteresting" headers would be simply hidden. Thanks:)

Uthman, PortSwigger Agent | Last updated: May 20, 2021 10:14AM UTC

Hi Andrej, Thanks for this request. I have raised it with our development team and we will update this thread if/when it is implemented. In the meantime, have you considered using Match and Replace rules for the Proxy? For the Repeater, you could try writing a custom extension to remove headers when the extension is loaded. - https://portswigger.net/burp/extender/api/

Liam, PortSwigger Agent | Last updated: Jul 26, 2021 08:49AM UTC

We've closed this development ticket. This isn't something we are able to implement within Burp.

Syed | Last updated: Mar 07, 2023 11:16PM UTC

This was about hiding, not matching/replacing or removing :( Wish it was implemented so nobody has to scroll over useless headers in all requests.

You need to Log in to post a reply. Or register here, for free.