Disable popup window for automatic backups
When automatic backups are enabled, a window pops up and gains operating system focus to display the backup process. When Burp is not the active window, this can interrupt use of other applications. This is common for long-running scans. Please change this behavior, to avoid stealing focus. For example, display the progress bar either inside an existing window or in the title bar of the existing ma...
1 Agent Answer, 1 Community Answer. Mar 11, 2015 08:50PM UTC
Additional step for scanner options when launching active scanner.
It would be awesome to have an additional step when launching an active scan, for configuring what are the parameters that we want to scan without having to mess with the general config. For example: Let's say that for this scan I only want to test MySQL SQL Injections in URL parameters or only want to test for XSS in Body Parameters.
2 Agent Answers, 4 Community Answers. Mar 06, 2015 10:59AM UTC
Add tests for SQL injection with Tabs rather than Spaces?
I was working through the Pentester Lab: Web For Pentester (https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/) SQL injections, and the Example 2 injection rejects all inputs with spaces in them. Using TAB characters (%09) instead of spaces works, but running the page through Burp Suite Pro's Active Scanner doesn't pick up on the vulnerability. Are there any plans to im...
1 Agent Answer, 0 Community Answers. Mar 06, 2015 04:50AM UTC
The following section: Options > Connections > Out-of-Scope Requests should be moved to Target Scope.
1 Agent Answer, 0 Community Answers. Mar 03, 2015 05:44PM UTC
Every time Burp is started, the previous Target - Scope and the Target Filter are reset.
Every time Burp is started, the previous Target - Scope and the Target Filter are reset.
1 Agent Answer, 0 Community Answers. Feb 25, 2015 03:01PM UTC
save state wizard. (Exclude static content, Exclude by file extension)
Hi,
result: huge state file.
why? huge static web application with few dynamic pages
New feature on the save state wizard:
Exclude static content / export dynamic content only
Exclude by file extension
Thanks in advance
Tal
1 Agent Answer, 0 Community Answers. Feb 23, 2015 11:23PM UTC
Auto start certain Engagement tools
Target > Site map > right click on target URL > Engagement tools:
Find comments - should auto start
Find scripts - should auto start
Find references already does this.
2 Agent Answers, 0 Community Answers. Feb 22, 2015 09:28PM UTC
Ability to Add to Scope from Proxy Intercept Tab
I do not believe this is possible today but I would like if there was an option "Add to scope" as one of the options under "Action" when intercepting packets. Thanks!
1 Agent Answer, 0 Community Answers. Feb 11, 2015 06:10PM UTC
PHP extract() vulnerabilities
Please see this post about the risks of using PHP function extract() improperly: http://davidnoren.com/2013/07/03/php-extract-vulnerability/ At the end of the post are a few ideas on how to test for it. Unsure if those can be automated. Submitting an official feature request, after noting user surreal requested this on the user forums: http://forum.portswigger.net/thread/1540/scanner-test-php-e...
1 Agent Answer, 0 Community Answers. Feb 09, 2015 05:06PM UTC
force update check
Already posted here and then noticed, this is the new way to do it. http://forum.portswigger.net/thread/1686/force-update-check Current situation/problem: Burp only checks for new versions on startup. So when you can only connect to the internet via a proxy and it is not entered on start, the update check will fail. The only way to recheck for an update is to enter the proxy, close and restar...
3 Agent Answers, 3 Community Answers. Feb 08, 2015 09:55PM UTC