Feature Requests

Post a feature request

  • Re-run specific Scanner Checks

    It would be great to be able to re-run specific scanner checks to check to see if a finding was indeed fixed or not. I realize that most Scanner finding can simply be sent to the repeater and done that way, however, at least the the burpcollaborator findings, this is harder to do, without setting up some more significant infrastructure.

    2 Agent Answers    2 Community Answers
    Oct 26, 2015 02:44PM UTC
  • Decoder - URL decode special characters only

    I would like to have the option to decode only the special (or non-alphanumeric) characters in a string. This is commonplace in URL parameters. The decoder seems to only decode/encode ALL characters in the string.

    1 Agent Answer    0 Community Answer
    Oct 23, 2015 10:51PM UTC
  • Manually add a cookie in the cookie jar

    Hello, I could be helpful to add a button in the Cookie Jar viewer window to manually "Add a cookie". Davy

    2 Agent Answers    2 Community Answers
    Oct 21, 2015 10:16AM UTC
  • Pause Proxy/HTTP history scrolling

    I'd like to be able to pause scrolling on the Proxy/HTTP history tab. I'm looking back through hits but the site does polls for data every 10 seconds so the list is constantly moving. I know I could filter out the polls but for now I need them in. Wireshark does this by scrolling if you are at the top but once you move away from the top the scrolling stops.

    1 Agent Answer    1 Community Answer
    Oct 19, 2015 02:28PM UTC
  • Adding and Replacing HTTP/S Headers in Scanner

    This is only possible for requests passing thru proxy but not when conducting automated scanning. Thanks!!

    2 Agent Answers    1 Community Answer
    Oct 15, 2015 01:19PM UTC
  • Websockets support

    Hello, I know you are (or would like) working on Websockets support. It would be great if Burp Suite could be fluent in "Websockets". Be able to play with repeater and intruder would be excellent. Oh yes and actual logging feature (Options / Misc / Logging ) is missing Websockets too. Thanks to the whole team for your wonderful product. Davy

    3 Agent Answers    1 Community Answer
    Oct 08, 2015 01:59PM UTC
  • Change example.com mail domain in the scanner

    The scanner injects the "example.com" domain in a lot of requests. Especially in contact forms it would come in handy to have this customisable to another domain. The solution would be to give a user the option to change "example.com" to a custom domain in the Burp Suite config/interface.

    1 Agent Answer    0 Community Answer
    Oct 07, 2015 07:44AM UTC
  • Merge audit results from scans

    It would be nice if we could merge results from ongoing scans, similar to static analysis results like fortify or checkmarx, such that we don't have to re-look at false positives that have previously been audited as such.

    1 Agent Answer    0 Community Answer
    Oct 06, 2015 04:50PM UTC
  • Save/Copy/Move payload list

    Hello, It would be nice to be able to save, copy or move a payload list in intruder. Sometimes I'm doing some tests, I need to add a new payload (try to exploit another variable, etc.) and if it comes before the one I was testing, I need to redo my list... Cheers!

    1 Agent Answer    0 Community Answer
    Sep 24, 2015 03:00PM UTC
  • Hash responses/request

    Hello, Sometimes I need to compare responeses (or requests). Any minor change is interesting. Maybe 95% of the answers are the same (thousands of requests), sometimes length doesn't vary. Hashing will make detecting changes faster. Also, hashing (or similar method) can be useful for detecting changes in some parts. For example, I use Intruder, 99% of the page is the same, anyhow my pay...

    1 Agent Answer    0 Community Answer
    Sep 23, 2015 09:21PM UTC