Feature Requests

  • HTTP/2

    The researchers are asking for HTTP/2 support, but Burp didn't add this feature in the last 5 years. Unlucky..

    0 Community Answer
    Jan 17, 2020 09:55PM UTC
  • Burp 2: Scan Next

    Hi, I noticed that "Scan next" is no longer there with Burp 2.1.07. Would it be possible to add it, or some similar Priority-based handling of Items in the Scan Queue?

    0 Community Answer
    Jan 17, 2020 03:37PM UTC
  • Meaning of the 'Edited' column in 'Proxy / HTTP history'

    Hello, from my experience as a trainer, the meaning of the 'Edited' column in 'Proxy / HTTP history' is quite often misunderstood. In fact, students' expectations are coherent, they just don't match the design choices made by PortSwigger. There are two built-in ways to edit the traffic going through the Proxy 1) manual modification when messages are intercepted 2...

    1 Agent Answer    0 Community Answer
    Jan 16, 2020 10:55AM UTC
  • WS-Security (WSS)

    Please support OASIS Web Services Security (WSS), or for short: WS-Security - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss SoapUI, for example, already fully supports it: https://www.soapui.org/soapui-projects/ws-security.html I am aware that there is a simple Burp extension for WS Security, but it supports only the most basic option, and not for example signed requests, or incom...

    1 Agent Answer    0 Community Answer
    Jan 13, 2020 10:13AM UTC
  • What is the role of divis in this script?

    We have this script, " '-alert(1)-' ". I tried to execute this script in the lab without "-" and it didn't work. So I searched about it, but didn't find anything interesting to make it clearer for myself. Why is divis so important in this script, what does it do? Could you explain it to me please?

    1 Agent Answer    0 Community Answer
    Jan 13, 2020 07:15AM UTC
  • XSS into JavaScript

    Hello, I have a question again. About context into JavaScript, "Terminating the existing script" I understood. The question appears when I go to the lab for practice, >>Reflected XSS into a JavaScript string with single quote and backslash escaped<<, I did it well, but in solutions, I saw a small thing, but I didn't understand it well. So we have to send a random alphanu...

    1 Agent Answer    0 Community Answer
    Jan 12, 2020 07:26AM UTC
  • XSS contexts / XSS in HTML tag attributes

    Hello. I am learning about XSS as you can see, and I can’t understand a little bit about that scriptable context: " autofocus onfocus=alert(document.domain) x=" , I understand what autofocus and onfocus do, but I have no idea about the first quote --> " , and the last part of this script, --> x=" . What are they for? There's an explanation of this script: "The above pa...

    1 Agent Answer    1 Community Answer
    Jan 06, 2020 01:12PM UTC
  • Extender callback to add a column to Proxy/Intruder/etc results

    Hi, Sometimes it would be useful to have a custom column when displaying history/results - especially for Intruder, but also for Proxy History. This would allow things like Content Length to be shown (vs Length), plus other things I note in your backlog such as a hash of the response body. Unfortunately I don't see any way to add a column via the existing API. I would picture something li...

    2 Agent Answers    1 Community Answer
    Jan 06, 2020 02:57AM UTC
  • Disable HTTP Trace Method

    Dear Team, even though I am disabling the HTTP Trace method using the approach mentioned under the Issue definition sub-tab under the Target tab, our Burp tool is still listing that method as allowable. Please suggest any solution that Burp won't list trace method as not allowable HTTP method.

    1 Agent Answer    0 Community Answer
    Dec 31, 2019 09:40AM UTC
  • Multiple scans at once with Burp Enterprise

    I would like to know if there's an option to load multiple/bulk web URLs and schedule scans for multiple/bulk web URLs. If there's an API for this, could you point me to it?

    1 Agent Answer    0 Community Answer
    Dec 23, 2019 03:13PM UTC