Use Other Burp Instance on Different Port as an Upstream Proxy to see Scanner requests
If I want to see what requests are being sent by scanner, I usually run another Burp proxy instance and set my Upstream proxy to it. In that way when I look at the proxy history tab of that other Burp proxy instance, I'd be able to see the requests being made by Burp scanner. It would be nice if you don't have to do that, instead just add another proxy instance on a different port and us... 1 Agent Answer 0 Community Answer Sep 14, 2015 11:43PM UTC
Burp Testing Methodologies
Findings should include links to relevant Burp Testing Methodologies: https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=11 Agent Answer 0 Community Answer Sep 14, 2015 01:23PM UTC
JSON decoder in "Decoder"
Hi PORTSWIGGER team, I would be really grateful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use another decoder like unescape() to work with a valid URL. Thanks. 4 Agent Answers 6 Community Answers Sep 13, 2015 04:06AM UTC
Session handling rule action - replace part of request
Hi, I'd like to propose a new session handling rule action that would basically replace any part of a request with a predefined constant. Just like s/const1/const2/g in vi would do. Thanks, PSi 1 Agent Answer 0 Community Answer Sep 10, 2015 02:14PM UTC
Ignore 302's in "Discover content" tool
I *love* the Discover content tool, and use it a lot. Unfortunately, on several jobs I've run into the issue where the web server was configured to respond with 302 instead of 404 when a non-existent URL path was requested. For example, if a GET was issued for target.com/noSuchPage.html, the web server would respond with a 302 and redirect to something like target.com/Error.aspx?Path=/... 6 Agent Answers 14 Community Answers Aug 25, 2015 06:02AM UTC
One scanning queue per host ?
Hello, When you have to work on multiple targets (hosts) and launch a scan on all of them, the scanning time is slowed down because you have a single queue. This single queue means that Burp has to finish scanning host1 pages before starting to scan host2. With one scanning queue per host, total scanning time could be a lot faster. Of course you can tell Burp to "Scan next" an item... 3 Agent Answers 3 Community Answers Aug 07, 2015 08:21AM UTC
Is there any new vulnerability introduced??
Is there any new vulnerability introduced apart from OWASP top ten? 1 Agent Answer 0 Community Answer Aug 07, 2015 06:31AM UTC
setting case sensitivity option
When I'm sure I'm testing Windows environment and it doesn't matter on sensitivity, would it be possible to introduce an option where this could be turned on? I noticed that e.g. in Target Analyzer -> Parameters you are tracking every occurrence of different sensitivity as different one. Also in adding rules in Session handling (set a specific cookie or parameter value) it is cas... 0 Community Answer Jul 31, 2015 01:17PM UTC
websockets 'Send to' repeater & intruder
More and more of the Web apps I am pen-testing rely on Websockets for their main communication channel, and vector for XSS/sql-injection/CSRF etc. This would be very helpful if the functionality existed that exists for normal HTTP requests. 7 Agent Answers 13 Community Answers Jul 30, 2015 10:56PM UTC
Save displayed columns in Intruder
Would it be possible to save the selection of displayed columns in an Intruder Attack (either by default on exit or as an option)? Thanks for looking into it! 1 Agent Answer 0 Community Answer Jul 28, 2015 08:16AM UTC