Friday, June 22, 2007

Burp Suite - feature requests please

Now that the manuscript for The Web Application Hacker's Handbook is out of the way, I'll have some proper time to think about the next release of Burp Suite. This will be a major upgrade with lots of new features in all of the tools, including:

  • Improved rendering and analysis of HTTP messages wherever they appear [preview].

  • Function to do a compare/diff between any set of requests and responses.

  • Versatile decoder/encoder with intelligence to detect encoding types and do recursive decoding.

  • Support for client SSL certificates.

  • New payload generators in Intruder.

At this point, it would be good to hear any other feature requests that people have, however large or small. Please leave them in the comments and I'll address as many as I can.