    Can we get email notifications when someone replies to a bug report? It's pretty annoying to get back to the site until someone replied, and then having to look for the issue again. Thanks, Luca

    Dec 13, 2018 11:23AM UTC
  • Evaluating Burp Enterprise by scanning real-time projects

    Hello, I have been evaluating Burp ENT beta version for more than two weeks. I did scan some dummy and local websites (comparatively small). Everything went smoothly. But when I tried scanning an actual website (comparatively large), Burp ENT didn't give satisfactory results. The website was either choked by a huge number of duplicate requests or stopped abruptly in the middle of scan...

    Dec 12, 2018 07:12AM UTC
  • REST API - Crawl Only

    Hi Burp Team, I would like two additional REST API endpoints that support crawl-only functionality, mirroring the v2 UI, e.g. /crawl and /crawl/<taskid>. Are there any plans to release this functionality in the near future? Maybe there is a way to achieve this using the /scan endpoint and a custom scan configuration? Thanks! Gary

    Dec 08, 2018 05:03PM UTC
  • Burp Collaborator further protocols

    Hi Burp Team, The Burp Collaborator is an awesome tool; however, I often use other protocols on top of HTTP/S and SMTP/S when testing SSRF and XXE. Do you plan on supporting FTP/S or other protocols? As a dirty hack, one could do an FTP request on port 80 or 25 in order to see if credentials will be added. When I do an HTTP connection (with curl) on port 25, I get a hit from the collaborator, ho...

    Dec 06, 2018 08:52AM UTC
  • Enforce sending of TLS client certificate

    When configuring a TLS client certificate in Burp, it is only used when the server requests it in the TLS handshake. However, it would be very helpful if there were a checkbox that enforces usage of the TLS client certificate for certain hostnames. There are servers that don't request one in the TLS handshake, but require one to be sent by the client.

    Dec 03, 2018 11:47AM UTC
  • Security standards

    Are the vulnerabilities identified classified to any security standards (OWASP/CWE)? Also, does the latest scanner cover all the OWASP 2017 Top 10 vulnerabilities?

    Nov 23, 2018 11:48AM UTC
  • Is there any way to automatically resend requests with 5xx Status in Intruder module?

    Is there any way to automatically resend requests with 5xx Status & "no response" in Intruder module? I always have to manually resend 100k or more requests with 5xx Status or "no response" after 10m requests, which is very exhausting. Is there any way to automate that?

    Nov 02, 2018 05:29PM UTC
  • Per-Extension IRequestResponse Comment

    Adding a comment to an IRequestResponse object can be useful for a number of things. However, not all extensions consider that this is a shared field and may overwrite values set by other extensions. A solution to this may be to store comments per-extension.

    Nov 02, 2018 09:50AM UTC
  • Add duplicate token detection to Sequencer

    I was recently working on a badly broken app that had home-rolled session tokens (never a good thing). The token entropy was so bad that there were even duplicates in the sequence. Now, whilst this is the kind of thing that's relatively easy to find by simply sorting/searching for dups in a text editor, it would be a really useful thing to have burnt into the sequencer and mentioned on the...

    Nov 01, 2018 10:25AM UTC
  • Allow custom color highlighting

    I like the color highlighting of requests in the proxy http history, but the hard-coded colors are mostly too bright/vibrant. It would be nice to be able to use a custom color so I can use softer colors.

    Oct 31, 2018 08:53PM UTC