Feature Requests

  • UI - Scanner - selected tab persistence (like in Proxy)

    Hi, I would like selected tab persistence when browsing through findings (exactly like in Proxy tab) - I select tab Response and it stays the selected one when I click on a different finding. A small thing, would help a lot to eliminate useless clicks when going through a bunch of similar findings' responses. Thanks.

    0 Community Answer
    May 18, 2015 05:10PM UTC
  • Reflected input monitor for passive scanning

    A new check should be introduced to the passive scanner which will monitor all the requests and report if any of the input parameters get reflected in the response. This will be very useful in determining which parameters to focus on.

    1 Agent Answer    0 Community Answer
    May 15, 2015 06:41AM UTC
  • HTTP Parameter Pollution

    Are there plans to implement HTTP Parameter Pollution tests? More info: https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OTG-INPVAL-004%29

    4 Agent Answers    4 Community Answers
    May 13, 2015 06:36PM UTC
  • Repeater and intruder for pentesting WebSockets

    Hi, I'd love to see mentioned features implemented for pentesting WebSockets. Those features would be useful for testing both WS client and server. Also it would save me some time writing my own set of tools. Regards, Daniel Iziourov

    1 Agent Answer    0 Community Answer
    May 13, 2015 11:18AM UTC
  • Repeater UI - Fixed Placement of Tabs

    I would like for repeater to not move the location of tabs when selecting new repeater tabs. This occurs when the user has a large number of repeater tabs open (which happens to me when testing API calls where we make one repeater tab for each call). I think that it is easier to remember where tabs are visually, and it can be difficult to find the tab you are looking for when it is constantly movi...

    1 Agent Answer    0 Community Answer
    May 08, 2015 07:43PM UTC
  • Provide option to pass unaltered response back to client

    Recently we conducted an application assessment for an Android application. The application communicated using gzip / deflate content encoding. Burp Suite was initially configured to unpack gzip/deflate encoded traffic via proxy options. This allowed us to see the server responses in the Target tab. However, it was evident that Burp was passing the unpacked version of the response back to the clie...

    1 Agent Answer    2 Community Answers
    May 07, 2015 02:17PM UTC
  • Built in Scripting Language

    So that a tester can script requests and responses on the fly without the pain of writing custom extensions. Extensions are awesome, but sometimes the timeframe is very limited, kicking the "write an extension for this" out in favor of Python/Perl scripting snippets. I've been looking at Burp BeanShell extension, seems pretty much like that. Thanks.

    1 Agent Answer    1 Community Answer
    May 06, 2015 09:40PM UTC
  • Find and replace in intruder

    It would be nice to have a find and replace within Intruder, saving the tester from Burp <-> Notepad copy & paste kung fu. Sometimes the HTTP requests are so massive that it makes it impossible to set each entry point one by one.

    1 Agent Answer    2 Community Answers
    May 06, 2015 09:19PM UTC

    Some of our clients like to map issues to known standards. Is there any way to correspond the vulnerability with an OWASP Top 10 number (if it relates to it)?

    1 Agent Answer    1 Community Answer
    May 04, 2015 08:12PM UTC
  • Differential Automatic Backup Functionality

    Automatic Backup is fantastic, it saved our work quite some time, when the Java environment decided to give up and crash. But, storing every time 700 megs, for example, in a state file, will fill up any hard drive over a weekend. Therefore it would be a great feature to have a differential storage. I know it might be a bit difficult to create, but using the operating system software might get the jo...

    2 Agent Answers    1 Community Answer
    May 04, 2015 08:23AM UTC