Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Burp Suite - feature requests please
Posted by: PortSwigger
Date: June 25, 2007 03:46AM

I know that a lot of people here use Burp Suite, so I thought I'd let you know that work is underway on the next release, which should be available later this year. This will be a major upgrade with lots of new features in all of the tools.

At this point, it would be good to hear any other feature requests that people have, however large or small. Please leave them in the comments, or join the discussion here:

http://blog.portswigger.net/2007/06/burp-suite-feature-requests-please.html

and I'll address as many as I can.

Cheers
PortSwigger

Options: ReplyQuote
Re: Burp Suite - feature requests please
Posted by: Royal2000H
Date: July 09, 2007 02:56PM

From http://sla.ckers.org/forum/read.php?11,11937
Royal2000H Wrote:
-------------------------------------------------------
> In my current pentest, I need to change the
> payload of a packet.... which is possible in
> Burp.... but if I want automated regex change it
> only works with headers....
>
> Is there any way to deal with the payload in Burp

You did respond in that thread: "I'll add it as a request for the next release, which should be later this year. "

also this would be helpful:

From http://sla.ckers.org/forum/read.php?11,10366
Royal2000H Wrote:
-------------------------------------------------------
> Currently in Burp Repeater, I fill in the host and
> port and packet which starts with "GET
> /example.php?Id=100 HTTP/1.1" and has alot more
> (like user agent etc)
> then I click go and then the only thing i change
> is 100 to 101 in the GET then click go then 102
> then 103...
>
> Is there a way to automate this?

Options: ReplyQuote
Re: Burp Suite - feature requests please
Posted by: serachewhi
Date: July 17, 2007 02:41PM

A timer for blind sql injection. i've added this to Paros, and have contacted the team about including for the next release.

Options: ReplyQuote


Sorry, only registered users may post in this forum.