Feature Requests

Post a feature request

  • Out-of-Scope Requests

    The following section: Options > Connections > Out-of-Scope Requests should be moved to Target Scope.

    1 Agent Answer    0 Community Answer
    Mar 03, 2015 05:44PM UTC
  • Every time the Burp is started, the previous Target - Scope and the Target Filter are reset.

    Every time the Burp is started, the previous Target - Scope and the Target Filter are reset.

    1 Agent Answer    0 Community Answer
    Feb 25, 2015 03:01PM UTC
  • save state wizard. (Exclude static content, Exclude by file extension)

    Hi, result: huge state file. why? huge static web application with few dynamic pages New feature on the save state wizard: Exclude static content / export dynamic content only Exclude by file extension Thanks in advance Tal

    1 Agent Answer    0 Community Answer
    Feb 23, 2015 11:23PM UTC
  • Auto start certain Engagement tools

    Target > Site map > right click on target URL > Engagement tools: Find comments - should auto start Find scripts - should auto start Find references already does this.

    2 Agent Answers    0 Community Answer
    Feb 22, 2015 09:28PM UTC
  • Ability to Add to Scope from Proxy Intercept Tab

    I do not believe this is possible today but I would like if there was an option "Add to scope" as one of the options under "Action" when intercepting packets. Thanks!

    1 Agent Answer    0 Community Answer
    Feb 11, 2015 06:10PM UTC
  • PHP extract() vulnerabilities

    Please see this post about the risks of using PHP function extract() improperly: http://davidnoren.com/2013/07/03/php-extract-vulnerability/ At the end of the post are a few ideas on how to test for it. Unsure if those can be automated. Submitting an official feature request, after noting user surreal requested this on the user forums: http://forum.portswigger.net/thread/1540/scanner-test-php-e...

    1 Agent Answer    0 Community Answer
    Feb 09, 2015 05:06PM UTC
  • force update check

    Already posted here and then noticed, this is the new way to do it. http://forum.portswigger.net/thread/1686/force-update-check Current situation/problem: Burp only checks for new versions on startup. So when you can only connect to the internet via a proxy and it is not entered on start, the update check will fail. The only way to recheck for an update is to enter the proxy, close and restar...

    3 Agent Answers    3 Community Answers
    Feb 08, 2015 09:55PM UTC
  • Comparer "Next modified section" feature

    To whom it may concern, I would love to see a feature in the word compare, where I can jump to the next difference. Currently it is only highlighted the modified / deleted / added parts, but it would be awesome not to have to search by hand for those highlights. Often I have to really slowly (manually) search for those sections in a big response. Thanks!

    1 Agent Answer    2 Community Answers
    Feb 06, 2015 04:21PM UTC
  • Configure the parameter separator on GET and POST reponses

    Actually the parameter separator is the & symbol, but sometimes the applications use different character as parameter separators, for example a lot of tomcat applications use the | character. It could be very very useful if burp allows to set the character separators ( & | ; )

    1 Agent Answer    1 Community Answer
    Feb 04, 2015 12:42PM UTC
  • disable Payload encoding and auto load payloads through API

    It would be nice if the payloads get automatically loaded from custom file when invoking sendToIntruder method and API method to disable URL encode these characters through API. Thereby launching the attack through API

    2 Agent Answers    3 Community Answers
    Feb 03, 2015 08:25AM UTC