Feature Requests

  • Collaborator Server Version

    Hi, While doing a Health Check on the Collaborator Server it would help if it returned the Version #. Especially for making sure a Private Server is up to date. Thanks

    1 Agent Answer    0 Community Answer
    Sep 21, 2015 06:45PM UTC
  • Content Discovery: custom wordlist

    The Content Discovery functionality allows the use of built-in wordlists, but does not facilitate a custom word-/filelist. While the built-in wordlists are OK, sometimes it's useful to be able to define a custom list, just like you would within the intruder. The intruder can of course be used for discovery of content as well, but it would be very nice to be able to define a textfile in an ...

    3 Agent Answers    4 Community Answers
    Sep 21, 2015 02:01PM UTC
  • Duplicate entries in scan queue

    Why does Burp make duplicate entries with a status of "waiting" in the scan queue? It seems trivial to scan the list in code prior to the addition of a new URL and to not add it if there is already one there. I am requesting this change. Thanks!

    1 Agent Answer    0 Community Answer
    Sep 17, 2015 07:31PM UTC
  • Make filter input field red when active

    Hi, I have a small, but potentially time saving request: Could you please make the filter input field in the Target and Proxy tabs turn red when a filter is active? This is purely a visible indication to show the user that there is a filter active. Sometimes I forget the fact that I put a filter for one job when executing the next job (as filter settings are kept over different burp laun...

    1 Agent Answer    1 Community Answer
    Sep 17, 2015 07:59AM UTC
  • Use Collaborator server for CSRF POCs?

    Currently, my favorite way to generate the "meat" for a CSRF demo is to use the Burp CSRF engagement tool. However, after I run the test locally with the burp tool, if I am dealing with XHR and CORS, I always move the POC to a "real" web server that will cause my browser to generate a pre-flight request. Depending on the engagement, I use a public webserver or just on a vm i...

    1 Agent Answer    2 Community Answers
    Sep 17, 2015 12:10AM UTC
  • Add a parameter to the scanner exclude list via right-click context menu on the Param tab

    I hope it doesn't take much work to add this feature to the current version. It would really be helpful if you could just right-click on any parameter and add it to the exclude list of the scanner rather than doing a copy and paste.

    1 Agent Answer    1 Community Answer
    Sep 14, 2015 11:43PM UTC
  • Use Other Burp Instance on Different Port as an Upstream Proxy to see Scanner requests

    If I want to see what requests are being sent by scanner, I usually run another Burp proxy instance and set my Upstream proxy to it. In that way when I look at the proxy history tab of that other burp proxy instance, I'd be able to see the requests being made by burp scanner. It would be nice if you don't have to do that, instead just add another proxy instance on a different port and us...

    1 Agent Answer    0 Community Answer
    Sep 14, 2015 11:43PM UTC
  • Burp Testing Methodologies

    Findings should include links to relevant Burp Testing Methodologies: https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1

    1 Agent Answer    0 Community Answer
    Sep 14, 2015 01:23PM UTC
  • JSON decoder in "Decoder"

    Hi PORTSWIGGER team, I would be really grateful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use another decoder like unescape() to work with a valid URL. Thanks.

    4 Agent Answers    6 Community Answers
    Sep 13, 2015 04:06AM UTC
  • Session handling rule action - replace part of request

    Hi, I'd like to propose a new session handling rule action that would basically replace any part of a request with a predefined constant. Just like s/const1/const2/g in vi would do. Thanks, PSi

    1 Agent Answer    0 Community Answer
    Sep 10, 2015 02:14PM UTC