Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

"Include relevant extract" in XML Report

Ermak | Last updated: Mar 23, 2016 10:30PM UTC

Hello, as already requested by other users two years ago (http://forum.portswigger.net/thread/1088/populate-enable-include-relevant-extract) I think it would be very useful to add the "include relevant extract" option also for XML report. There is no need to maintain the highlighted text, just avoid kb of response. The maximum length option limit is just useless because you can't know where the relevant extract is. For example, when we parse the XML file to generate an Excel or a PDF report for the customer, the response should contain just the evidence of vulnerability. At this time we have to copy and paste the response manually from Burp Target details, or parse the HTML file, both solutions are not optimal and time consuming. Thank you

PortSwigger Agent | Last updated: Mar 24, 2016 12:22PM UTC

We've noted this feature request and have it captured in our backlog. We'll update this thread when the feature is available.

Tim | Last updated: Apr 09, 2021 04:37PM UTC

I'll add my +1 to Ermak here, as I have run into this exact problem. When there are many findings for an engagement, combined with long requests and responses, imported Burp XML that has the details cause a fairly massive amount of busy-work to manually truncate all the irrelevant noise. Of course, part of the pain is that our reporting process uses MS Word as an intermediate, and it is ghastly at dealing with 1000+ page documents. The point is though, Burp has this information already, and could simply export using the same logic used for the HTML export. Also... it's five years now since Ermak's post above, and apparently seven since the previous most mentioned that is no longer online.

Uthman, PortSwigger Agent | Last updated: Apr 12, 2021 08:34AM UTC

Hi Tim, Thanks a lot for your feedback. We have registered your interest in this feature and will update this thread when it has been implemented.

hackerman | Last updated: Aug 25, 2022 08:23PM UTC

This would be a great help for a lot of us I think! Any updates?

Liam, PortSwigger Agent | Last updated: Aug 26, 2022 06:44AM UTC

We've added your request to the development ticket. We haven't had a lot of interest in this feature; as such, there are no current plans to add this to our roadmap.

Whiskey | Last updated: Aug 21, 2023 07:37PM UTC

We also run into this issue frequently when exporting Issues into tracking systems and integrators. Right now, our "solution" is to include the full responses and then manually cut it down after the fact, which I assume most of your clients do as well. My ideal would be: base64 the relevant parts only, as this avoids having to change anything after manually decoding the finding.

Liam, PortSwigger Agent | Last updated: Aug 22, 2023 12:15PM UTC