Feature Requests

  • Tear off for Options

    It would be quite nice to be able to tear the two Options menus off (Project & User) like the rest. There are times where flipping some switches is part of my testing workflow. -m

    1 Agent Answer    0 Community Answer
    Sep 06, 2018 12:44AM UTC
  • Burp v2.0.04beta - change User Agent

    I know you are now using Chromium browser. However, the environment I test on simply tells me "Your browser is not supported" and the default crawling doesn't work (gives up after 10 requests to / ). Would it be possible to set the useragent to some custom value, like it was with old Spider?

    2 Agent Answers    1 Community Answer
    Sep 05, 2018 02:49PM UTC
  • Burp 2: Application Login - 2nd authentication step

    The New Login Credentials accept username and password. Would it be possible to introduce an optional 2nd authentication step, like PIN (with static value)? For example, user needs to fill in username+password, followed by PIN on 2nd page for authentication to be complete.

    1 Agent Answer    1 Community Answer
    Sep 03, 2018 07:30AM UTC
  • Burp 2: Application Login - credentials test button

    Hi, I love the new Application Login. Would it be possible to have a Test/Try button there? After clicking on this button, the new Chromium rendering view could be opened, showing the page after successful login (or better yet, the entire process of logging in). This button would serve to double-check if Burp login is indeed successful when attempted.

    1 Agent Answer    0 Community Answer
    Sep 03, 2018 06:59AM UTC
  • How to prevent Mod_security being activated when using the burp suite?

    Hello, I have 3 questions. 1) How to prevent Mod_security being activated when using the burp suite? Websites are blocking my IP address... to solve this problem I want to automatically change my IP address each X seconds. So this is my second question: 2) I want to use an IP changer tool which will listen to the same address ( and port (8080) as the burp suite. But I read that its im...

    1 Agent Answer    0 Community Answer
    Aug 28, 2018 01:26PM UTC
  • Attack payloads in unquoted JSON attributes

    I observed that burp scanner sends attack payloads in unquoted JSON attributes, which usually results in server side parsing errors. I repeated the attack request with quoted attribute and there were no parsing errors. Will it be a good idea to add quotes to unquoted attribute after inserting the payloads during active scan? I am just spitballing, I may be wrong. Thank you!

    1 Agent Answer    0 Community Answer
    Aug 22, 2018 04:32PM UTC
  • External service interaction (DNS & HTTP)

    Dear Team, During my assessment of a Web app, BurpSuite gave below High Vulnerabilities: 1. Out-of-band resource load (HTTP) 2. External service interaction (DNS & HTTP) Example of a Request & response: Request Response Could you please send more detailed remediations of this. What do the developers actually have to do to overcome these vulnerabilities? This...

    1 Agent Answer    0 Community Answer
    Aug 20, 2018 03:05PM UTC
  • Target: Issues - Selected tab should be kept open when browsing findings (like Proxy History does)

    If I select a certain tab in 'Proxy > HTTP History', it is kept open even if I change to a different request line (e.g. 'Original response', 'Auto-modified response'). The same does not happen in 'Target > Site map > Issues' tab - after change to another issue the tab open is 'Advisory' by default. Going through responses in hundreds of sub-i...

    1 Agent Answer    1 Community Answer
    Aug 16, 2018 03:49PM UTC
  • Filter by highlight color in history tab under proxy

    Hello, It would be a useful feature to have a filter based on different colors available for highlighting. One can categorize while testing and then while writing reports, find requests / responses quickly by filtering.

    1 Agent Answer    0 Community Answer
    Aug 08, 2018 03:08PM UTC
  • Import client certificate from PKCS12 containing more than one cert

    Back-story: I work with a lot of p12 files that contain an encryption cert and a signing cert for the same user DN, often with the encryption cert first in the p12 file. I have inadvertently wasted more time than I want to admit banging my head against my keyboard that a p12 which works fine in Firefox is completely broken in Burp Pro. (eventually finding the problem, usually after setting up Wir...

    1 Agent Answer    0 Community Answer
    Aug 02, 2018 12:54AM UTC