Feature Requests

  • BApp Store: Sort Extensions by Date Updated

    It is tough to identify new extensions in the BApp Store. It would be easy to identify new extensions if there was an additional column that listed the date updated. This would also be useful to identify extensions that were no longer receiving regular updates.

    1 Agent Answer    1 Community Answer
    Jan 09, 2016 05:43PM UTC
  • Individual Enable/Disable Tickboxes for Platform Authentication Tickboxes

    At the moment (and in the future) it would help during my testing if each set of credentials had a tickbox next to it to enable or disable it. E.g., I use my basic authentication to log in as admin, then log in as a normal user, and then as admin again. Currently I would have to insert the credentials each time; with a tickbox, I would only have to select/deselect the credentials I ...

    1 Agent Answer    0 Community Answer
    Jan 08, 2016 11:15AM UTC
  • Update Header in Session Handling/Macros

    Hello, I'm working on an application that uses a CSRF token for the login forms. The token is a hidden value in the webpage, e.g. <input name="CSRFToken" type="hidden" value="ZIlN2m8eqXX4mWOJr3wkNLGeobE2oUqGBaeKpYWaJe1yK7oQKRx8H2A-8X6rqiMIM7nQNwGPI1uryEA-3wWh5iii_kbq-Pkfp-z9uR5eGnxRCOkE0" /> The token is then applied to the subsequent login as an HTM...

    2 Agent Answers    3 Community Answers
    Jan 05, 2016 06:51PM UTC
  • Intruder Dates payload: extend functionality to include times

    The helpfulness of this payload when fuzzing a date/time parameter is automatic handling of the wrapping of values back to 1 when appropriate (i.e., avoid March 32nd). Extending the Dates payload with time components (down to 1-second resolution) would be logical and helpful to handle the wrapping of hours, minutes, and seconds.

    1 Agent Answer    1 Community Answer
    Dec 17, 2015 07:21PM UTC
  • Numbers Intruder payload: add an option to request all in a range randomly instead of sequentially


    0 Community Answer
    Dec 17, 2015 07:02PM UTC
  • Improve flexibility of Proxy Match and Replace

    There are already a couple of requests to handle specific use cases of conditional Match and Replace that were declined -- and I have my own use case as well -- but I'd like to suggest a couple of generic options that could be implemented in the existing interface to avoid the need to write extensions for less complicated cases. - Add a checkbox to apply the rule to only the in-scope doma...

    1 Agent Answer    0 Community Answer
    Dec 17, 2015 05:57PM UTC
  • Remember setting for "Request in Browser: current/original session" In future just copy an...

    It would be nice if there was a permanent setting for "in future just copy and skip dialog." Bonus points for hotkeys for original/current session. Thanks for BSP...

    0 Community Answer
    Dec 16, 2015 05:51AM UTC
  • Map findings to OWASP and WASC Threat Classification v2.0

    Every finding should be mapped to OWASP at a minimum. Every effort should be made to also map to WASC Threat Classification v2.0: http://projects.webappsec.org/w/page/13246978/Threat%20Classification

    0 Community Answer
    Dec 13, 2015 08:51PM UTC
  • New and updated findings

    Scanner > Issue definition: Delete: Type index. Add: Creation date. Add: Modification date.

    0 Community Answer
    Dec 13, 2015 08:45PM UTC
  • Burp Suite would be more useful if the software provided a server running version

    Potentially a web interface, so that it could sit on a test server as a stub, with the ability to inspect and reject packet history. The ability to only inspect the UI locally makes it limited in usefulness for sitting in the integration/soak test stack etc. Aside from that, it's a good product if it meets your use case.

    1 Agent Answer    0 Community Answer
    Nov 30, 2015 02:30PM UTC