PortSwigger Web Security Blog

Tuesday, 11 September 2007

Burp Suite feature requests - thank you

Thanks to everyone who responded to my request for suggestions. I've had over 100 messages in various forms, so there are plenty of ideas of what else to include. Here are just a few of the requests I will be aiming to incorporate (in addition to those I mentioned previously):

  • token analyser;

  • option for Intruder/Repeater to follow 3xx redirects;

  • back/forward buttons in Proxy history;

  • fixing the bug with the payload marker when some unusual character sets are used;

  • doing automated find/replace in the message body as well as headers.

Probably the most optimistic request was: "Can you write hooks into all common networking and SSL libraries to make a process use a proxy even if it is not configured to natively?" I already did this for WinINet. But sorry, Ollie, I doubt I'll have the energy to do all the others!

As well as all the good ideas for new features, I received many requests for things that are already there, including:

  • response interception;

  • function to search each request/response;

  • tree view of site being browsed;

  • saving of preferences;

  • NTLM authentication;

  • support for upstream proxy.

Plenty of people emailed me "Great tool, I use it every day, can you make it do X?", when X has been there since day one. May I respectfully suggest that anyone who is missing the above features should take a quick look at the help (or even just the options panels) to find what they are looking for!

1 comment:

Anonymous said...

thanks mate.
doing automated find/replace in the message body as well as headers sounds pretty neat.

looking forward to the new burpsuite as well as your book.

