Feature Requests

Post a feature request

  • Use cookies switch in Repeater

    Hi, Many times, I need to test authenticated and unauthenticated stuff manually in Repeater. I know that I can go to settings and check the checkbox to use cookies/session management rules for Repeater, but that is pretty long. Would it be possible to have a switch button in the main repeater UI to "Use cookies/session management" or "Not use cookies/session management"? That ...

    1 Agent Answer    0 Community Answer
    Jan 07, 2019 09:42AM UTC
  • Severity / Confidence Labeling - add option of CONFIRMED

    When right clicking on an issue, is there any way can you add an additional option of "Confirmed" to the "Set Confidence" menu? (Maybe with a check-mark icon and different colored circle based on severity?) Just as you've provided an option to flag something as a "False Positive", it would be really helpful to be able to flag/mark issues as confirmed as well. ...

    1 Agent Answer    2 Community Answers
    Dec 31, 2018 06:12PM UTC
  • Support Center Bug Reports

    Can we get email notifications when someone replies to a bug report? It's pretty annoying to get back to the site until someone replied, and then having to look for the issue again. Thanks, Luca

    1 Agent Answer    0 Community Answer
    Dec 13, 2018 11:23AM UTC
  • Evaluating Burp Enterprise by scanning real-time projects

    Hello, I have been evaluating Burp ENT beta version for more than two weeks. I did scan some dummy and local websites (comparatively small). Everything went smooth. But, When I tried scanning for an actual website(comparatively large); Burp ENT didn't give satisfactory results. The website was either choked by a huge number of duplicate requests or stopped abruptly in the middle of scan...

    1 Agent Answer    1 Community Answer
    Dec 12, 2018 07:12AM UTC
  • REST API - Crawl Only

    Hi Burp Team, I would like two additional REST API endpoints that support crawl only functionality, mirroring the v2 UI. E.g. /crawl and /crawl/<taskid> Are there any plans to release this functionality in the near future? Maybe there is a way to achieve this using the /scan endpoint and a custom scan configuration? Thanks! Gary

    1 Agent Answer    0 Community Answer
    Dec 08, 2018 05:03PM UTC
  • Burp Collaborator further protocols

    Hi Burp Team, The burp collaborator is an awesome tool, I often use other protocols on top of HTTP/S and SMTP/S when testing SSRF and XXE however. Do you plan on supporting FTP/S or other protocols? As a dirty hack, one could do a FTP request on port 80 or 25 in order to see if credentials will be added. When I do a http connection (with curl) on port 25, I get a hit from the collaborator, ho...

    1 Agent Answer    0 Community Answer
    Dec 06, 2018 08:52AM UTC
  • Enforce sending of TLS client certificate

    When configuring a TLS client certificate in Burp, it is only used when the server requests it in the TLS handshake. However, it would be very helpful if there would be a checkbox, which enforces usage of the TLS client certificate for certain hostnames. There are servers that don't request one in the TLS handshake, but require one to be sent by the client.

    1 Agent Answer    0 Community Answer
    Dec 03, 2018 11:47AM UTC
  • Security standards

    Do the vunarabilities identified are classified to any security standards (OWASP/CWE)? Also whether the latest scanner covers all the OWASP 2017 top 10 vunarabilities ?

    1 Agent Answer    0 Community Answer
    Nov 23, 2018 11:48AM UTC
  • Is there anyway to automatic resend request with 5xx Status in Intruder module.

    Is there anyway to automatic resend request with 5xx Status & "no response" in Intruder module. I always have to manual resend 100k or more request with 5xx Status or "no response" after 10m request. Which is very exhausting, is there any way to automatic that?

    2 Agent Answers    4 Community Answers
    Nov 02, 2018 05:29PM UTC
  • Per-Extension IRequestResponse Comment

    Adding a comment to a IRequestResponse object can be useful for a number of things. However, not all extensions consider that this is a shared field and may overwrite values set by other extensions. A solution to this may be to store comments per-extension.

    1 Agent Answer    0 Community Answer
    Nov 02, 2018 09:50AM UTC