Feature Requests

  • the ability to reset a lab

    After mucking about with: https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies I ended up messing up the pages with CSRF requests\blocking the comment form. Even though I can manually send a comment POST request with an XSS script to fix this on the victim's session (in order to complete the lab), I think you need to have the ability to reset the lab in order...

    1 Agent Answer    0 Community Answer
    Oct 24, 2019 07:26PM UTC
  • Connection tracking on low level request

    Hello, I would like to have a feature to track all connections requested on the proxy (at low level). Currently via Burp it's not possible to have a list of requests executed via Burp but not handled correctly. For example, if Burp receives a "CONNECT www.pippo.com:7767 HTTP/1.0" and www.pippo.com responds with a reset (example TCP RST) you will not be able to see this connection ...

    4 Agent Answers    2 Community Answers
    Oct 21, 2019 03:03PM UTC
  • Burp Target Tab Grouping

    Add an option to group targets by parent domain, like: a.test1.com b.test1.com c.test1.com a.test2.com b.test2.com c.test2.com Currently, they are only sorted by the full domain: a.test1.com a.test2.com b.test1.com etc. For chatty applications, this would help organize the endpoints they interact with, especially mobile apps that talk to 10+ different domains including several subd...

    1 Agent Answer    0 Community Answer
    Oct 16, 2019 07:43PM UTC
  • Automatically Scan

    Hi everyone, I'd like to do an authenticated scan of a site. The problem is that authentication takes place on a domain other than my scope. How can I perform the authenticated scan of my scope? Thank you very much

    1 Agent Answer    0 Community Answer
    Oct 15, 2019 09:38AM UTC
  • Live passive crawl misses some information about HTML forms

    Hello, the "Form submission" feature of passive crawling misses two features when adding to the site map: - it doesn't log the parameter names and values defined in HTML forms - it doesn't set the HTTP method (i.e. uses GET every time), even if explicitly defined in HTML forms * How to reproduce Go to "Menu bar > Burp > Configuration library > New > Li...

    1 Agent Answer    1 Community Answer
    Oct 15, 2019 09:29AM UTC
  • Add dark mode to Burp Suite Community Edition

    For Windows 10, make it so it adapts to system settings

    1 Agent Answer    0 Community Answer
    Oct 11, 2019 01:50AM UTC
  • Scanner / Scan configuration / View (or edit) built-in configuration from library

    The built-in scanner configurations available in the library look nice but I would like to view the exact settings they contain, before deciding to use them or create my own. Maybe you could re-use the UI to create new scan configurations and apply it to view the settings in read-only (greyed).

    1 Agent Answer    1 Community Answer
    Sep 27, 2019 04:28PM UTC
  • Burp Collaborator SMTP/S follow hostname resolution set in project options

    I would like to see SMTP/S Connection Health Checks for Burp Collaborator listen to the Hostname Resolution settings in Project Options > Connections. Right now it seems to follow for HTTP & HTTPS requests but not for SMTP/S

    1 Agent Answer    0 Community Answer
    Sep 26, 2019 05:27PM UTC
  • Wildcard support Hostname Resolution

    I would love to be able to have wildcard * support for the Hostname Resolution settings in Proxy Options > Connections.

    1 Agent Answer    0 Community Answer
    Sep 26, 2019 05:24PM UTC
  • Burp Collaborator Enhancement Requests

    When performing manual testing, it's not possible to detect out-of-band interactions which occur after the Burp Collaborator Client is closed. This means payloads that are fired weeks or months later are not detected (even though the Collaborator server has a record of the interaction). To address this limitation, please consider making the following enhancements to the Collaborator Client...

    1 Agent Answer    17 Community Answers
    Sep 24, 2019 11:12PM UTC