Comments on PortSwigger.net - web application security: Burp Suite - feature requests please
Blog author: PortSwigger
Feed updated: 2008-04-12T16:06:00.236Z (showing 25 of 65 comments)

anniethesquidgy, 2008-01-04T23:37:00.000Z:
Support for changing the outlet end port of the proxy. That is, I'm running my development server system on 8080. It'd be nice if I could tell burpsuite to proxy 9090 to 8080 instead of just 9090 to 80 (what you can do now) - if that makes sense. As it is I need to run another proxy server or change my dev port.

ark0n, 2007-11-20T17:01:00.000Z:
Would love to be able to save sessions, much like Paros. I would like to be able to bring up the Spider results. What do most people do especially when pen testing large sites?
BIG QUESTION!! PLEASE HELP!! Anyone else use a Mac? (OS X - 10.4 or 10.5).
I keep getting "No payload positions define" error. The § character looks to be valid. I have tried the new Intruder and changing language locales -

Anonymous, 2007-11-15T18:25:00.000Z:
I've seen a lot of Java apps recently that transmit data with serialized objects. Support for deserialization, manipulation, and serialization of these objects as they're transported over HTTP would be very helpful.

Anonymous, 2007-11-06T20:52:00.000Z:
1) command line option: that is, if I have request in burp format saved in file when I do this:
    java burpsuite -noGUI fileToPost
burp will use burp repeater on the file and store response on file (fileToPost.response).
2) Tool to convert request in burp format to requests in CURL format (curl enables command line usage)

Anonymous, 2007-10-31T13:42:00.000Z:
I'm not sure if burp suite is compatible with vista 64bit, if it isn't that would be awesome.

Michiel, 2007-10-23T15:13:00.000Z:
- the ability to time a forwarded http request

Anonymous, 2007-10-21T07:48:00.000Z:
I would like to modify the response (HTML code) of the proxy, too. An API would be great to register your own plugins.
So I'm looking for a method like:
    String modifyHtmlBody(String request, String responseBodyOrg)

Anonymous, 2007-10-18T05:14:00.000Z:
Would be great if your proxy-chain supported pointing to a PAC file. It's frustrating when you're doing stuff on your internal network and the internet, but all requests get forwarded to the internet proxy.

Anonymous, 2007-10-11T00:36:00.000Z:
"quote- It would be really helpful if the proxy history were exportable. Currently you can copy all URLs to the clipboard, but it would be great to be able to generate a log file similar to the one created through the "comms" tab (i.e., with the request/response flow)"
yes would be cool

sossos, 2007-10-01T15:45:00.000Z:
Hi there,
A few suggestions
- Web Services explorer - allow user to point tool at a wsdl and have tool identify the services and allow fuzzing.
Would be very useful if the tool history could be cleared out by user selecting a button / menu option.
limiting spidering of a site to certain specific domains would also help. thanks

Kevinselectroclash.com, 2007-09-28T04:50:00.000Z:
Couple little things:
1. better support for gzip, I'm testing a site now that sends the header: content-encoding: deflate and burp doesn't interpret this as g-zipped data even though it is.
2. the ability to check or uncheck proxy options without having to check "intercept". Sometimes I want to set it up to catch the next request/response but I don't want to look at the data going back and forth

Anonymous, 2007-09-28T00:44:00.000Z:
Quote:
It would be great if Burpsuite could handle all traffic without being a proxy. I'm not asking to write hooks for every library or whatever, but there are applications such as Ethereal (I think wireshark now) that capture every packet, I think this is done through WinPCap. Is it possible to use WinPCap to handle and intercept all packets, or is it just for capturing as it goes by?
------------

kanedaaakaneda.bohater.net, 2007-09-27T14:46:00.000Z:
"Clear" in many places will be useful.

Anonymous, 2007-09-24T11:01:00.000Z:
Please add a 'buy now' button on your website. Why not follow through with getting some direct information about how much a full blown version of your software costs? A lot of potential customers probably would like to buy your full version tool, but if it's not available on the website to buy it's too much effort to follow up. I know there is a couple of licenses I can buy straight off the bat.

Anonymous, 2007-09-18T01:01:00.000Z:
I have been trying anything and everything to try and get my applications which do not support proxies to work with Burp proxy, and found that really the only solutions available are programs like Freecap. However freecap only supports proxies that use the CONNECT method, and if you try to use it with Burp nothing works right. Support for the CONNECT method in the Burp proxy so we can use Freecap

Anonymous, 2007-09-16T14:22:00.000Z:
It would be great if Burpsuite could handle all traffic without being a proxy. I'm not asking to write hooks for every library or whatever, but there are applications such as Ethereal (I think wireshark now) that capture every packet, I think this is done through WinPCap. Is it possible to use WinPCap to handle and intercept all packets, or is it just for capturing as it goes by?

Anonymous, 2007-09-05T11:36:00.000Z:
It would be great to have a (popup menu) option to re-send (a) single (or multiple selected) request/s in the intruder-attack-window, thereby exchanging the selected rows with the new results.
This would help to resolve partially invalid or erroneous results which can appear e.g. due to an accidental DoS of the server during a test.

Gerry, 2007-08-30T20:18:00.000Z:
Support ActiveMQ ajax requests. They use Jetty continuations, and the extended timeout somehow escapes Burp Proxy.
Check here: http://activemq.apache.org/ajax.html

Paul, 2007-08-30T01:58:00.000Z:
Seconding the request for automatic data manipulation/filtering: search a packet for x and replace it with y automatically.

Anonymous, 2007-08-23T03:13:00.000Z:
Support for log file creation under Mac. Can only write to a log file if it already exists.

keith, 2007-08-21T15:23:00.000Z:
I would like to be able to edit the intercept options while intercept is turned off. Currently if intercept is turned off, then all of its options are greyed out and inaccessible.

Anonymous, 2007-08-11T22:41:00.000Z:
automatic data manipulation/filtering: search a packet for x and replace it with y automatically.

Anonymous, 2007-08-03T18:25:00.000Z:
Currently I have not been able to proxy WebDAV requests. It would be great if the next version could.

nobody, 2007-08-01T14:54:00.000Z:
Spider: for Scripts with URL Parameters, show them as table (not in a tree), like:
login.php:
    user=usr1 | pw=bla
    user=usr2 | pw=blabla
    user=usr2 | pw=bla | remember=1
    user=usr1 | pw=gna | remember=0
    user=usr3 | showerror=ugauga
That way, you can very easily see how the script was usually called; which combination of parameters are standard and what type the parameters are (string, number etc). Just show

Anonymous, 2007-07-24T15:52:00.000Z:
Table column sorter. Ascending/Descending.