Feature Requests

  • Change example.com mail domain in the scanner

    The scanner injects the "example.com" domain in a lot of requests. Especially in contact forms it would come in handy to have this customisable to another domain. The solution would be to give a user the option to change "example.com" to a custom domain in the Burp Suite config/interface.

    1 Agent Answer    0 Community Answer
    Oct 07, 2015 07:44AM UTC
  • Merge audit results from scans

    It would be nice if we could merge results from ongoing scans, similar to static analysis results like Fortify or Checkmarx, such that we don't have to re-look at false positives that have previously been audited as such.

    1 Agent Answer    0 Community Answer
    Oct 06, 2015 04:50PM UTC
  • Save/Copy/Move payload list

    Hello, It would be nice to be able to save, copy or move a payload list in Intruder. Sometimes I'm doing some tests, I need to add a new payload (try to exploit another variable, etc.) and if it comes before the one I was testing, I need to redo my list... Cheers!

    1 Agent Answer    0 Community Answer
    Sep 24, 2015 03:00PM UTC
  • Hash responses/request

    Hello, Sometimes I need to compare responses (or requests). Any minor change is interesting. Maybe 95% of the answers are the same (thousands of requests), sometimes length doesn't vary. Hashing will make detecting changes faster. Also, hashing (or similar method) can be useful for detecting changes in some parts. For example, I use Intruder, 99% of the page is the same, anyhow my pay...

    1 Agent Answer    0 Community Answer
    Sep 23, 2015 09:21PM UTC
  • Collaborator Server Version

    Hi, While doing a Health Check on the Collaborator Server it would help if it returned the Version #. Especially for making sure a Private Server is up to date. Thanks

    1 Agent Answer    0 Community Answer
    Sep 21, 2015 06:45PM UTC
  • Content Discovery: custom wordlist

    The Content Discovery functionality allows the use of built-in wordlists, but does not facilitate a custom word-/filelist. While the built-in wordlists are OK, sometimes it's useful to be able to define a custom list, just like you would within the Intruder. The Intruder can of course be used for discovery of content as well, but it would be very nice to be able to define a text file in an ...

    3 Agent Answers    4 Community Answers
    Sep 21, 2015 02:01PM UTC
  • Duplicate entries in scan queue

    Why does Burp make duplicate entries with a status of "waiting" in the scan queue? It seems trivial to scan the list in code prior to the addition of a new URL and to not add it if there is already one there. I am requesting this change. Thanks!

    1 Agent Answer    0 Community Answer
    Sep 17, 2015 07:31PM UTC
  • Make filter input field red when active

    Hi, I have a small, but potentially time saving request: Could you please make the filter input field in the Target and Proxy tabs turn red when a filter is active? This is purely a visible indication to show the user that there is a filter active. Sometimes I forget the fact that I put a filter for one job when executing the next job (as filter settings are kept over different burp laun...

    1 Agent Answer    1 Community Answer
    Sep 17, 2015 07:59AM UTC
  • Use Collaborator server for CSRF POCs?

    Currently, my favorite way to generate the "meat" for a CSRF demo is to use the Burp CSRF engagement tool. However, after I run the test locally with the Burp tool, if I am dealing with XHR and CORS, I always move the POC to a "real" web server that will cause my browser to generate a pre-flight request. Depending on the engagement, I use a public webserver or just on a vm i...

    1 Agent Answer    2 Community Answers
    Sep 17, 2015 12:10AM UTC
  • Add a parameter to the scanner exclude list via right-click context menu on the Param tab

    I hope it doesn't take much work to add this feature to the current version. It would really be helpful if you could just right-click on any parameter and add it to the exclude list of the scanner rather than doing a copy and paste.

    1 Agent Answer    1 Community Answer
    Sep 14, 2015 11:43PM UTC