Feature Requests

Post a feature request

  • Multi-Payload encoding rules and Encoding options for Scanner

    Hi, It would be nice if you could add support for encoding rules in intruder or scanner. This need comes from many websites where base64 encoded JSONs are used to transfer information between the client and the backend. For example, lets say that a website sends this while searching for something: eyJmaWx0ZXJzIjp7Im1hdGNoIjpbImFhYSJdfSwic2VsZWN0ZWRTb3J0IjoiUkVMRVZBTkNFIiwidHlwZSI6IkluZGV4Iiw...

    1 Agent Answer    0 Community Answer
    Dec 03, 2019 09:37AM UTC
  • Burp Enterprise: Client SSL Certificate Support and Scanner Agent Affinity

    Are there plans to implement client certificate authentication (PKCS12 and PKCS11) options/support into Burp Suite Enterprise matching the capabilities of the Pro edition?: https://portswigger.net/burp/documentation/desktop/options/ssl Also, is there a timeline on when scan agent affinity settings are to be implemented into Burp Suite Enterprise? The ability to assign specific agents to spe...

    1 Agent Answer    0 Community Answer
    Dec 02, 2019 11:59AM UTC
  • Burp XML Parser Functionality in Extender API

    Hi, I posted another question in the Customer Portal (found here: https://support.portswigger.net/customer/portal/questions/17672747-xml-tab-reparse-programmatically ) regarding the XML "Reparse" functionality available in Burp. I was told that this functionality uses a proprietary XML parser developed solely for Burp. I am making this request to see if certain functionality from t...

    1 Agent Answer    0 Community Answer
    Nov 30, 2019 03:12AM UTC
  • Any access with proxy

    Hello, the proxy doesn't work on any computer for me. I have followed the instructions given on your site (burp, browser and certificate configuration). I tried using it on a Mojave Mac OS, Windows 8.1 and Debian 18.04 systems. I tried it with the Firefox, Chrome, Safari and Opera browsers, but still to no avail. I can't access any site (http or https) when the interception is on. Coul...

    2 Agent Answers    1 Community Answer
    Nov 21, 2019 01:57PM UTC
  • [Burp Enterprise] Configure scan_callback from the web UI

    Hi, We would find useful being able to set the scan_callback property allowed by the API when manually configuring scans from the web UI. Is it possible / is it on the roadmap? Thanks, Javi

    3 Agent Answers    3 Community Answers
    Nov 21, 2019 08:36AM UTC
  • Match and Replace

    Hi, I think that a useful feature in tab Proxy --> Options --> Match and Replace can be the possibility to Duplicate a role. Thanks, Lorenzo

    1 Agent Answer    0 Community Answer
    Nov 13, 2019 09:51AM UTC
  • Need to extend logging mechanism in burp.

    Hello, If someone wants to save logs of all requests for external use the only known for me method is to use Project options -> Misc -> Loggiing. It's because there is no any library (as far as I know) for parsing standard burp session file or any documenation about format to write such library by my self. And log from Project options -> Misc -> Logging do not contain basi...

    1 Agent Answer    0 Community Answer
    Nov 08, 2019 08:34AM UTC
  • Refine Collaborator Everywhere headers

    Hi I ran into an assessment where the application used the "Referer:" header for portions of how the application worked. This became more noticeable when using the applications "Back" button feature. In order to use Burp for this assessment I had to disable "Collaborator Everywhere" extension. I think this extension is awesome and has helped me find many vulnerabi...

    2 Agent Answers    2 Community Answers
    Oct 29, 2019 05:21PM UTC
  • the ability to reset a lab

    after mucking about with: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies i ended up messing the pages with csrf reuests\blocking the comment form. even though i can send manually a comment post request with a XSS script to fix this on the victims session (in order to complete the lab), i think you need to have the ability to reset the lab in order...

    1 Agent Answer    0 Community Answer
    Oct 24, 2019 07:26PM UTC
  • Connection tracking on low level request

    Hello, I would like to have a feature to track all connection requested on the proxy (at low level). Currently via Burp it's not possible to have a list of request executed via BURP but not handled correctly. For example if burp receive a "CONNECT www.pippo.com:7767 HTTP/1.0" and www.pippo.com response with a reset (example TCP RST) you will not be able to see this connection ...

    4 Agent Answers    2 Community Answers
    Oct 21, 2019 03:03PM UTC