Feature Requests

  • Repeater UI - Fixed Placement of Tabs

    I would like for repeater to not move the location of tabs when selecting new repeater tabs. This occurs when the user has a large number of repeater tabs open (which happens to me when testing API calls where we make one repeater tab for each call). I think that it is easier to remember where tabs are visually, and it can be difficult to find the tab you are looking for when it is constantly movi...

    1 Agent Answer    0 Community Answer
    May 08, 2015 07:43PM UTC
  • Provide option to pass unaltered response back to client

    Recently we conducted an application assessment for an Android application. The application communicated using gzip / deflate content encoding. Burp Suite was initially configured to unpack gzip/deflate encoded traffic via proxy options. This allowed us to see the server responses in the Target tab. However, it was evident that Burp was passing the unpacked version of the response back to the clie...

    1 Agent Answer    2 Community Answers
    May 07, 2015 02:17PM UTC
  • Built in Scripting Language

    So that a tester can script requests and responses on the fly without the pain of writing custom extensions. Extensions are awesome, but sometimes the timeframe is very limited, kicking the "write an extension for this" out in favor of Python/Perl scripting snippets. I've been looking at the Burp BeanShell extension, which seems pretty much like that. Thanks.

    1 Agent Answer    1 Community Answer
    May 06, 2015 09:40PM UTC
  • Find and replace in intruder

    It would be nice to have a find and replace within Intruder, saving the tester from Burp <-> Notepad copy & paste kung fu. Sometimes the HTTP requests are so massive that it is impossible to set each entry point one by one.

    1 Agent Answer    2 Community Answers
    May 06, 2015 09:19PM UTC

    Some of our clients like to map issues to known standards. Is there any way to correspond the vulnerability with the OWASP Top 10 number (if it relates to it)?

    1 Agent Answer    1 Community Answer
    May 04, 2015 08:12PM UTC
  • Differential Automatic Backup Functionality

    Automatic Backup is fantastic; it saved our work quite some time when the Java environment decided to give up and crash. But storing 700 megs, for example, in a state file every time will fill up any hard drive over a weekend. Therefore it would be a great feature to have differential storage. I know it might be a bit difficult to create, but using the operating system software might get the jo...

    2 Agent Answers    1 Community Answer
    May 04, 2015 08:23AM UTC
  • HTTP2 support

    I would like to test an application running on HTTP2. Do you have any roadmap for supporting HTTP2?

    12 Agent Answers    17 Community Answers
    May 04, 2015 12:49AM UTC
  • encoder stuff

    URL encoding: it would be nice if two options existed, one that encodes everything and one that encodes just the characters that are necessary. I keep seeing apps that are Microsoft stacks that seem to dislike characters that are encoded when they don't need to be. I don't think the RFC cares, but apps do :D Within the params tab of a request, it would be nice to have the option for each param to se...

    1 Agent Answer    0 Community Answer
    Apr 28, 2015 05:34AM UTC
  • Hide viewstate

    I would like to have a native function to hide huge viewstates from ASP.NET web applications. Or even better, if it could be possible to toggle the visibility for any variable.

    1 Agent Answer    0 Community Answer
    Apr 24, 2015 09:55AM UTC
  • API to update Requests as presented in UI in Proxy, Repeater, etc.

    Hi, I have written some custom extensions using both the Java API and Jython. Typically, it is for things like setting custom headers. While they work (they do send the custom headers), it's hard to see exactly what was sent since the UI doesn't update after the message is set. The workaround I'm using to get past this is to chain 2 instances of Burp together, with the custo...

    1 Agent Answer    0 Community Answer
    Apr 21, 2015 09:06PM UTC