  • Ignore 302's in "Discover content" tool

    I *love* the Discover content tool, and use it a lot. Unfortunately, on several jobs I've run into the issue where the web server was configured to respond with 302 instead of 404 when a non-existent URL path was requested. For example, if a GET was issued for target.com/noSuchPage.html, the web server would respond with a 302 and redirect to something like target.com/Error.aspx?Path=/...

    6 Agent Answers    12 Community Answers
    Aug 25, 2015 06:02AM UTC
  • One scanning queue per host?

    Hello, When you have to work on multiple targets (hosts) and launch a scan on all of them, the scanning time is slowed down because you have a single queue. This single queue means that Burp has to finish scanning host1 pages before starting to scan host2. With one scanning queue per host total scanning time could be a lot faster. Of course you can tell Burp to "Scan next" an item...

    3 Agent Answers    3 Community Answers
    Aug 07, 2015 08:21AM UTC
  • Is there any new vulnerability introduced?

    Is there any new vulnerability introduced apart from OWASP top ten?

    1 Agent Answer    0 Community Answer
    Aug 07, 2015 06:31AM UTC
  • setting case sensitivity option

    When I'm sure I'm testing a Windows environment and it doesn't matter on sensitivity, would it be possible to introduce an option where this could be turned on? I noticed that e.g. in Target Analyzer -> Parameters you are tracking every occurrence of different sensitivity as a different one. Also in adding rules in Session handling (set a specific cookie or parameter value) it is cas...

    0 Community Answer
    Jul 31, 2015 01:17PM UTC
  • websockets 'Send to' repeater & intruder

    More and more of the Web apps I am pen-testing rely on WebSockets for their main communication channel, and vector for XSS/SQL injection/CSRF etc. This would be very helpful if the functionality existed that exists for normal HTTP requests.

    6 Agent Answers    12 Community Answers
    Jul 30, 2015 10:56PM UTC
  • Save displayed columns in Intruder

    Would it be possible to save the selection of displayed columns in an Intruder Attack (either by default on exit or as option)? Thanks for looking into it!

    1 Agent Answer    0 Community Answer
    Jul 28, 2015 08:16AM UTC
  • In Repeater automatically add answers to the site map

    Hello, I use the Repeater a lot to find new pages/behaviors on web servers but each time I find something interesting I need to right click on the response, click on "Add to site map" and then confirm. A total of 3 clicks for each item I want to add. Ok for adding a few items but time consuming when you have more. Can you please add a feature to automatically add the responses or at ...

    2 Agent Answers    1 Community Answer
    Jul 24, 2015 03:01PM UTC
  • Save All Repeater Tabs in State File

    See bug report here for context: https://support.portswigger.net/customer/portal/questions/11548096-not-all-repeater-tabs-saved-restored-via-state-file I send requests to Repeater as I explore an application, and go back later to play with them. I don't always use them in Repeater immediately, so the tabs become a kind of checklist of tasks I have queued up. On a recent job, I lost quite a...

    1 Agent Answer    1 Community Answer
    Jul 21, 2015 07:42PM UTC
  • Feature request (other ssl/tls protocol support)

    What would complement this great tool is the ability to support other protocols that run on SSL/TLS like SMTP secure and IMAP secure. There are other proxy-like tools out there for these protocols yet none of them provide the ability to modify the intercepted content. One can only see the content as it's logged to a log file. I think the ability to support other protocols not just HTTP on t...

    1 Agent Answer    1 Community Answer
    Jul 21, 2015 05:26PM UTC
  • Burp Suite Data Sheet

    Please provide the Burp Suite Features/Data Sheet

    3 Agent Answers    2 Community Answers
    Jul 20, 2015 05:59AM UTC