Feature Requests

  • Source IP addresses in Proxy/HTTP History

    It would be great if an additional column for the source IP address existed, so we could see which client makes the selected request.

    3 Agent Answers    8 Community Answers
    Jun 24, 2015 07:24AM UTC
  • HTTP History - Filter on Edited Requests

    Could you add a filter to the HTTP History tab allowing selection of only edited requests/responses? Also would it be possible to make the comment column in the HTTP History table editable so that you don't have to use the context menu? Or perhaps add a comment field directly to the Request/Response window you get when you've double clicked an entry in the HTTP History table.

    2 Agent Answers    2 Community Answers
    Jun 23, 2015 05:58PM UTC
  • Burp Proxy Features - Replay Request

    Hi, I would like to propose the following features in Burp. 1) Burp loads default profile: Burp should allow users to specify the default template location. 2) Requests Replay: We would like to feed the requests & responses to other tools such as AppScan/WebInspect. Fiddler has a feature to repeat several requests at a time and an auto-response feature. In Burp we can only use repeater a...

    0 Community Answer
    Jun 20, 2015 07:46AM UTC
  • ASP.NET ValidateRequest bypass + tuning

    According to my experience Burp Suite doesn't check for this type of ValidateRequest filter bypass: http://www.jardinesoftware.net/2011/07/17/bypassing-validaterequest/ Would it be possible to add this to the Persistent XSS checks? (Sorry if I missed something) On a related note: Since ValidateRequest throws an exception when encountering typical XSS patterns many apps terminate the ...

    1 Agent Answer    0 Community Answer
    Jun 16, 2015 07:19AM UTC
  • Burp signed SSL certificates throw warning in Chrome

    When burp generates CA-signed per-host certificates, Google Chrome marks these sites as having "Weak Security configuration (SHA-1 signatures), so your connections may not be private. Screenshot: http://i.imgur.com/B5XcMF9.png It looks like Chrome is actively trying to sunset SHA-1 (https://blog.filippo.io/the-unofficial-chrome-sha1-faq/) So, I'm guessing this message can be removed i...

    1 Agent Answer    0 Community Answer
    Jun 10, 2015 07:28PM UTC
  • Automatic backup prefix

    Hi, it would be nice to have an option to set a prefix for the automatic backup file name. When I am working on project1, I would like to easily set up the prefix 'project1'. Then I can switch, e.g., to project2 etc. Thanks Frantisek Uhrecky

    2 Agent Answers    1 Community Answer
    Jun 01, 2015 01:22PM UTC
  • Good XSS detection

    I'm somewhat disappointed. I conducted a Nessus scan on a host, without entering any information. It found an XSS. When I did an active scan of the same host with Burp, Burp did not. It is a really easy-to-find XSS. I'm pretty amazed about this, since Burp is my choice for Web Testing. Please do have at least the level of accuracy as a regular Nessus engine does when it comes to web...

    1 Agent Answer    0 Community Answer
    May 29, 2015 03:06PM UTC
  • Match -> Match/Replace.

    I would like to beg this request again, as there is a need for this feature. Here is the use case. I would like to be able to Match/Replace based on Matching a different value. I have been told to write it myself, but that would be like you trusting me to operate on you.....I can't perform that function. I don't code. if Match Request Header: POST /path/to/file then Match Request He...

    1 Agent Answer    2 Community Answers
    May 25, 2015 11:48PM UTC
  • UI - shortcuts - 'set Severity, Confidence', global 'enable/disable Proxy Intercept...

    I would like to have the possibility to: - assign keyboard shortcuts to more actions, e.g.: in Scanner:Results - set Severity, Confidence level (I would use numkeys) - use a global Windows shortcut for some actions (e.g. enable/disable Proxy Intercept) Thanks, igor

    1 Agent Answer    0 Community Answer
    May 18, 2015 05:24PM UTC
  • UI - Scanner:Results - tag resolved findings

    Hi, I would love to be able to tag findings as 'already worked on and resolved' or 'read'. Helps in case I go through findings while the active scan is still on (reason being lack of time). In current state new findings are added to the Results tab and mix with those I have already seen and evaluated. My solution would be to have a possibility to tag a finding as e.g. '...

    1 Agent Answer    0 Community Answer
    May 18, 2015 05:18PM UTC