Feature Requests

• report

  Hey, Burp should add a feature to export Report according to OWASP top 10 vulnerability.

  1 Agent Answer    0 Community Answer

  Jun 13, 2018 06:45PM UTC
• Add a hint to proxy error pages about out of scope responses when dropping out of scope requests

  Hello, It may be helpful for troubleshooting to add a hint to proxy error pages about out of scope responses when dropping out of scope requests. Users may forget that the under the project options tab, connections tab in the out of scope responses section that they have the "drop all out of scope requests" checked when they visit a site that is not yet in scope. A reminder like ...

  1 Agent Answer    0 Community Answer

  Jun 11, 2018 02:53PM UTC
• Option to create NSS key log file

  It would be great to have an option in Burp to create a NSS Key Log file (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format), it would really help debugging problems with SSL client certificates and the like! Thanks!

  1 Agent Answer    0 Community Answer

  Jun 11, 2018 10:57AM UTC
• Dynamically create proxy autoconfig files

  Love your product, been using it for over a decade. I just had an idea for a feature that I think would be really interesting and useful. You could dynamically create a proxy autoconfig file that would only proxy items that are listed in the Burp project scope. If Burp weren't running, this would have the effect of proxying nothing; if it were, it would proxy nothing until something was...

  1 Agent Answer    0 Community Answer

  Jun 06, 2018 04:26AM UTC
• Issue object also record the original HTTP Message(base request and response)

  Hi Team, Hope Issue object also record the original HTTP Message(base request and response) when record the HTTP messages on the basis of which the issue was generated. why I need this? I want to write a extender that can re-test specified issue (as descripted here: https://support.portswigger.net/customer/portal/questions/14466803-re-run-specific-scanner-checks) . it's need ...

  2 Agent Answers    1 Community Answer

  Jun 03, 2018 02:32AM UTC
• suite-wide level traffic blacklist

  Hope to add a scope blacklist option."Don't send items to Proxy history or other Burp tools, if in scope black list". and take effect before any other rules that filte traffic. if we just don't want to see noises like those: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=60.0&pver=2.2 https://start.firefoxchina.cn/js/worldinde...

  1 Agent Answer    1 Community Answer

  Jun 03, 2018 02:11AM UTC
• New Intruder payload processing rules

  - Character length - Modify case: reverse/invert case (also in Case Modification payload type) - Reverse string - Trim whitespace (leading, trailing, both)

  1 Agent Answer    0 Community Answer

  May 29, 2018 07:38PM UTC
• Intruder: allow negative Step values for Character Blocks, Dates payload types

  .

  1 Agent Answer    0 Community Answer

  May 29, 2018 07:29PM UTC
• Detect UTF-8 encodings in Content-Type header

  Currently request body and response body is decoded with Latin-1, inferred from question 17199168. The "Latin-1" is very ambiguous, but here I suppose "code page 1252" is referred to. According to HTTP standard, if Content-Type header specifies a "charset" directive, HTTP body should be decoded with that character encoding (see https://developer.mozilla.org/en-US/docs...

  1 Agent Answer    0 Community Answer

  May 25, 2018 10:27PM UTC
• Emptying cookie jar with new session

  When I have a name of the cookie which is changing with different sessions (cookie name is dynamic as well), Burp stores each new name in the cookie jar and then sends it within the requests. Within a session management, it would be great to have a checkbox. When the session is deemed invalid, Burp would clear the entire cookie jar. In such a case, all the new cookies would be valid (since the...

  4 Agent Answers    3 Community Answers

  May 23, 2018 02:23PM UTC