login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Friday, 7 November 2008

[MoBP] The new proxy history

If I had a pound for every time someone has asked me if you can clear the Burp Proxy history, I'd have quite a few quid by now.

Well, the Proxy history just got a whole lot more powerful, and yes, you can even clear it if you want to.

Without further ado, here is what the Proxy history now looks like:

The most obvious addition is the preview pane, which means you can quickly see the contents of requests and responses by selecting an individual item in the table. As previously, you can still double-click an item to pop up a new window showing the request and response details.

There are also a few new columns, showing the response MIME type, HTML page title and the time of day. The table content is now forward- and reverse-sortable by clicking on any column header, enabling you to quickly locate what you are looking for.

There is a filter bar above the table which works in the same way as the site map filter, allowing you to filter on MIME type or HTTP status code, or to show only requests containing parameters, only items that are within the defined attack scope, etc.

The context menu is improved with several new items including ... drum roll ... the facility to delete the selected item(s), so you can clear any or all unnecessary items from the history. By combining column sorting, multi-select, and item deletion, you can quickly eliminate items from the history that you don't need there:

7 comments:

Rogan said...

It's starting to look more and more like WebScarab :-)

Apart from the delete history feature and filters which are neat.

I'm watching Burp's evolution with much interest. Good stuff!

Kris said...

The preview pane was one of the things I missed until now.

Jesper said...

Perfect!

"Clear the Burp Proxy history"

worth waiting for...


Keep up!

Anonymous said...

neeto !

whats the ETA on the new version ?

Also, is there any plan to add 'automated scanning, for xss, sqli for example' even a basic version.

PortSwigger said...

@Anonymous

ETA December.

And watch this space re scanning :)

Eric said...

Any chance you can also save the history and reopen it at a later time? Or, even better, save portions of the history. That way I can select a number of request/response pairs that represent an attack and keep a record of exactly what I did.

I really like the way this is shaping up. Thanks!

PortSwigger said...

@eric

In short, yes. I'll be talking about the new save and restore functionality later in the month.

Blog Archive


User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Copyright 2014 PortSwigger Ltd. All rights reserved.