Feature Requests

Post a feature request

  • Add time counter between Intruder requests (initiate an Intruder request every x seconds/minutes)

    Hello there, I would like to request a new feature be added to Intruder. I have come across web applications that use the time between requests to control against brute force attempts. As an example, if a user account has an incorrect username or password login twice within 2 minutes then an error message is displayed and the user is "temporarily suspended". After two minutes you can ...

    1 Agent Answer    0 Community Answer
    Jan 16, 2019 08:04AM UTC
  • Help please asap

    How do get online course?

    1 Agent Answer    0 Community Answer
    Jan 11, 2019 09:16AM UTC
  • Getting ISSUE on Burp suite

    i am getting this ISSUE when using the burp suite in ALERT tab :Software cause the connection abort : recv failed. Please could you give me the solution for this ISSUE ? and Please tell me the step by step process the to resolve the ISSUE? Thanks & Regards Satay

    1 Agent Answer    0 Community Answer
    Jan 09, 2019 05:26AM UTC
  • Use cookies switch in Repeater

    Hi, Many times, I need to test authenticated and unauthenticated stuff manually in Repeater. I know that I can go to settings and check the checkbox to use cookies/session management rules for Repeater, but that is pretty long. Would it be possible to have a switch button in the main repeater UI to "Use cookies/session management" or "Not use cookies/session management"? That ...

    1 Agent Answer    0 Community Answer
    Jan 07, 2019 09:42AM UTC
  • Severity / Confidence Labeling - add option of CONFIRMED

    When right clicking on an issue, is there any way can you add an additional option of "Confirmed" to the "Set Confidence" menu? (Maybe with a check-mark icon and different colored circle based on severity?) Just as you've provided an option to flag something as a "False Positive", it would be really helpful to be able to flag/mark issues as confirmed as well. ...

    2 Agent Answers    3 Community Answers
    Dec 31, 2018 06:12PM UTC
  • Support Center Bug Reports

    Can we get email notifications when someone replies to a bug report? It's pretty annoying to get back to the site until someone replied, and then having to look for the issue again. Thanks, Luca

    1 Agent Answer    0 Community Answer
    Dec 13, 2018 11:23AM UTC
  • Evaluating Burp Enterprise by scanning real-time projects

    Hello, I have been evaluating Burp ENT beta version for more than two weeks. I did scan some dummy and local websites (comparatively small). Everything went smooth. But, When I tried scanning for an actual website(comparatively large); Burp ENT didn't give satisfactory results. The website was either choked by a huge number of duplicate requests or stopped abruptly in the middle of scan...

    1 Agent Answer    1 Community Answer
    Dec 12, 2018 07:12AM UTC
  • REST API - Crawl Only

    Hi Burp Team, I would like two additional REST API endpoints that support crawl only functionality, mirroring the v2 UI. E.g. /crawl and /crawl/<taskid> Are there any plans to release this functionality in the near future? Maybe there is a way to achieve this using the /scan endpoint and a custom scan configuration? Thanks! Gary

    1 Agent Answer    0 Community Answer
    Dec 08, 2018 05:03PM UTC
  • Burp Collaborator further protocols

    Hi Burp Team, The burp collaborator is an awesome tool, I often use other protocols on top of HTTP/S and SMTP/S when testing SSRF and XXE however. Do you plan on supporting FTP/S or other protocols? As a dirty hack, one could do a FTP request on port 80 or 25 in order to see if credentials will be added. When I do a http connection (with curl) on port 25, I get a hit from the collaborator, ho...

    1 Agent Answer    0 Community Answer
    Dec 06, 2018 08:52AM UTC
  • Enforce sending of TLS client certificate

    When configuring a TLS client certificate in Burp, it is only used when the server requests it in the TLS handshake. However, it would be very helpful if there would be a checkbox, which enforces usage of the TLS client certificate for certain hostnames. There are servers that don't request one in the TLS handshake, but require one to be sent by the client.

    1 Agent Answer    0 Community Answer
    Dec 03, 2018 11:47AM UTC