Feature Requests

• IPv6 Support

  Burp suite currently doesn't support IPv6, except through /etc/hosts tinkering (which fails if there are redirects in the application e.g. to absolute IPs). IPv6 is widely deployed in a number of markets and a professional tool such as burp should fully support it.

  4 Agent Answers    3 Community Answers

  Apr 24, 2018 04:04AM UTC
• Clean/Archive to Reduce Project file Size

  Hi, There should be a way to cleanup and reduce project file size to a bare minimum like selectively removing specific stuff from the project file like responses or requests and keeping only settings and vulnerabilities and in-scope items maps

  1 Agent Answer    1 Community Answer

  Apr 23, 2018 10:38PM UTC
• Target analyzer filter

  It would be nice if filtering functionality was added to the target analyzer. This way it would for example be possible to quickly filter out parameters used on a certain URL path, useful in big projects.

  1 Agent Answer    0 Community Answer

  Apr 20, 2018 09:16AM UTC
• Feature: URL-safe base64 encoder

  Burp Base64 decoder is not URL-safe. When decoding encoding strings with URL-safe generated by tools like below, actual values cannot be obtained. http://www.simplycalc.com/base64url-encode.php

  2 Community Answers

  Apr 18, 2018 06:41AM UTC
• Support sorting in Burp Extension tag

  Currently, sorting doesn't happen when clicking columns headers like Loaded, Type, Name. When having lots of extension,s it's very hard to navigate. https://snag.gy/38SP7T.jpg

  1 Agent Answer    0 Community Answer

  Apr 18, 2018 03:07AM UTC
• Changing Intruder Attack Column Names

  It would be helpful being able to change the column names of an attack carried out with Intruder. For reporting purposes and screenshots, choosing more descriptive column names than, for instance, "Payload," is often times desired.

  1 Agent Answer    0 Community Answer

  Apr 13, 2018 10:00AM UTC
• Filter: add JSON MIME

  I would like to see only JSON in proxy history, with the help of proxy history filter. Currently JSON is categorized as “Scripts” in MIME filter, but JSON are typically different from normal JavaScript, especially in the case of SPA (Single Page Application). In SPA JavaScript are typically static, while JSON are typically dynamic data from AJAX API.

  1 Agent Answer    0 Community Answer

  Apr 06, 2018 02:19AM UTC
• Content Discovery make it more clear what has been discovered

  I my opinion it is not clear at all what has been discovered using the Content Discovery functionality. Please make it clear in the sitemap what exactly has been discovered. Perhaps you guys could simply add an extra column in the table with the requests? Or am I missing something here?

  4 Agent Answers    5 Community Answers

  Mar 28, 2018 07:11PM UTC
• Content Discovery remove items from Queued Tasks

  Would be very nice if it is possible to remove items from the "Queued Tasks" in the content discovery to for example avoid unnecessary discovery tasks. Think this one is easy to implement ;)

  1 Agent Answer    1 Community Answer

  Mar 28, 2018 07:05PM UTC
• Save Scan Report Wizard Defaults in Project Settings

  Hello! We use Burp Suite with the Carbonator extension to scan our site automatically during regression testing with Selenium. Being able to run the scanner and create reports using Burp Extender is very useful, but the reports generated use the default settings from the report wizard. It would be incredibly helpful to either be able to save a new set of default settings inside the project set...

  1 Agent Answer    0 Community Answer

  Mar 28, 2018 06:51PM UTC