Feature Requests


  • Use Other Burp Instance on Different Port as an Upstream Proxy to see Scanner requests

    If I want to see what requests are being sent by scanner, I usually run another Burp proxy instance and set my Upstream proxy to it. In that way when I look at the proxy history tab of that other burp proxy instance, I'd be able to see the requests being made by burp scanner. It would be nice if you don't have to do that, instead just add another proxy instance on a different port and us...

    1 Agent Answer    0 Community Answer
    Sep 14, 2015 11:43PM UTC
  • Burp Testing Methodologies

    Findings should include links to relevant Burp Testing Methodologies: https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1

    1 Agent Answer    0 Community Answer
    Sep 14, 2015 01:23PM UTC
  • JSON decoder in "Decoder"

    Hi PORTSWIGGER team, I would be really grateful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use other decoder like unescape() to work with a valid URL. Thanks.

    4 Agent Answers    6 Community Answers
    Sep 13, 2015 04:06AM UTC
  • Session handling rule action - replace part of request

    Hi, I'd like to propose a new session handling rule action that would basically replace any part of a request with a predefined constant. Just like s/const1/const2/g in vi would do. Thanks, PSi

    1 Agent Answer    0 Community Answer
    Sep 10, 2015 02:14PM UTC
  • Ignore 302's in "Discover content" tool

    I *love* the Discover content tool, and use it a lot. Unfortunately, on several jobs I've run into the issue where the web server was configured to respond with 302 instead of 404 when a non-existent URL path was requested. For example, if a GET was issued for target.com/noSuchPage.html, the web server would respond with a 302 and redirect to something like target.com/Error.aspx?Path=/...

    6 Agent Answers    14 Community Answers
    Aug 25, 2015 06:02AM UTC
  • One scanning queue per host ?

    Hello, When you have to work on multiple targets (hosts) and launch a scan on all of them, the scanning time is slowed down because you have a single queue. This single queue means that Burp has to finish scanning host1 pages before starting to scan host2. With one scanning queue per host total scanning time could be a lot faster. Of course you can tell Burp to "Scan next" an item...

    3 Agent Answers    3 Community Answers
    Aug 07, 2015 08:21AM UTC
  • Is there any new vulnerability introduced??

    Is there any new vulnerability introduced apart from OWASP top ten?

    1 Agent Answer    0 Community Answer
    Aug 07, 2015 06:31AM UTC
  • setting case sensitivity option

    When I'm sure I'm testing Windows environment and it doesn't matter on sensitivity, would it be possible to introduce an option where this could be turned on? I noticed that e.g. in Target Analyzer -> Parameters you are tracking every occurrence of different sensitivity as different one. Also in adding rules in Session handling (set a specific cookie or parameter value) it is cas...

    0 Community Answer
    Jul 31, 2015 01:17PM UTC
  • websockets 'Send to' repeater & intruder

    More and more of the Web apps I am pen-testing rely on Websockets for their main communication channel, and vector for XSS/sql-injection/CSRF etc. This would be very helpful if the functionality existed that exists for normal HTTP requests.

    7 Agent Answers    13 Community Answers
    Jul 30, 2015 10:56PM UTC
  • Save displayed columns in Intruder

    Would it be possible to save the selection of displayed columns in an Intruder Attack (either by default on exit or as option)? Thanks for looking into it!

    1 Agent Answer    0 Community Answer
    Jul 28, 2015 08:16AM UTC