Feature Requests

Post a feature request

  • How do I avoid referer header

    I am using burp to check the security level of our web application. But my application usually checking referer header. If this header is changed, session will be time out. So, how do I test my web application except for referer header? I have already tried some check box removed. ex) "HTTP header" from Attack Insertion Point and "Header manipulation" from Active scanning ...

    2 Agent Answers    1 Community Answer
    Nov 25, 2015 02:34AM UTC
  • Error Output

    Hi, I'm abend. Burp didn't start installing bapp store's item , because I mistook bad proxy setting. I want to output errorlog on Alerts tab that it can't install. regards

    0 Community Answer
    Nov 22, 2015 06:50AM UTC
  • Support base64 for bit flipper payload

    Currently the bit flipper payload can handle ASCII hex or literal values, but often I want to flip bits in a base64 payload. It would be super nice if this were built in!

    1 Agent Answer    0 Community Answer
    Nov 19, 2015 06:14PM UTC
  • Show start/finish time of each item in the 'Scan queue'

    I know there is logging available but this feature would be useful as another column

    2 Agent Answers    0 Community Answer
    Nov 19, 2015 01:52PM UTC
  • multi instances with one user license on the same machine

    using different projects and different Burp instances for each target. with one user license, on the same machine.

    1 Agent Answer    0 Community Answer
    Nov 15, 2015 01:22PM UTC
  • Add an option to disable any local domain name resolution when an upstream proxy is being used

    For more information see https://support.portswigger.net/customer/portal/questions/12807053-burp-triggers-dns-queries-despite-using-an-upstream-proxy

    0 Community Answer
    Nov 11, 2015 10:12AM UTC
  • Decoder Tabs

    The decoder tool should have tabs like most of the other tools. It would be very useful to use one tab to decode and another to encode. I also think it would be useful if burp didn't clear the chain of decoders when you type input into the first box, for example, I should be able to select "decode as URL" in the first box, then, in the second "decode as base64", when I ...

    2 Agent Answers    1 Community Answer
    Nov 09, 2015 11:37PM UTC
  • Mouse over automatic decoding

    Hi, It could be cool to have an automatic decoding (e.g: base64 decode) when you move your mouse over an encoded value anywhere in the tool (instead of selecting it, right-click on send to decoder, etc...). I know, i'm lazy... and this enhancement could speed up things a lot when playing with some app. But I don't know how much work this small FR needs. Davy

    2 Agent Answers    2 Community Answers
    Nov 05, 2015 03:14PM UTC
  • Cert expiration time

    Hello Portswigger, What do you think about adding an option to specify how long a service cert should be valid ? Currently, every cert is issued for 20 years which is more than 39 months - the limitation introduced in April this year (announced by most cert providers, e.g. https://www.entrust.com/ssl-39-months/). The Burp certs are refused at least by Google Chrome what is a significant limi...

    3 Agent Answers    2 Community Answers
    Nov 03, 2015 04:21PM UTC
  • API Support for repeater & Sequencer

    http://forum.portswigger.net/thread/1117/api-sequencer As per your response for API support for Sequencer, it wasn't on the roadmap back in July 2014. Any updates on when this would be available? On a Similar note, do you have a roadmap to support the the 'Go' action in BURP API?

    1 Agent Answer    0 Community Answer
    Oct 29, 2015 07:44PM UTC