mdsecresearch / burpsuitesharpener
License: GNU Affero General Public License v3.0
Copy title is only useful to paste it on another tab and it does not actually copy the string in the clipboard.
Hi there,
I just noticed that if I apply a predefined pattern to a repeater tab, then move the tab, it loses its modified color (but not the custom font).
Regards,
A.
I love the tab icons, but would like the ability to shrink them down.
The implementation of a selectable size for the icons would be perfect.
Thanks again for the plugin :)
When adding an item to Intruder, it reloads all settings which is really slow and unnecessary. It also changes the Repeater subtabs to be scrollable.
This issue occurred when the extension was unloaded or Burp Suite was closed immediately after changing style of a tab. It did not save the last change.
This can be useful when there are a lot of tabs and it is not possible to find the previous line!
Hello,
I am looking for a feature which allows me to introduce fast and customisable comments (hot key) to proxy history requests for classifying purposes.
For example, if I select multiple requests and press a certain hotkey then all of the requests will have a "TO SCAN" comment or whatever comment chosen by me.
In day to day activity hotkeys like Send to Repeater ( CTRL + R ) are really useful. I am looking for an easy way to classify interesting requests for mass-scanning purposes, eg. CTRL +C to classify request.
At the moment, commenting/highlighting requests takes a lot of actions (time) and is not smooth. Also proxy history doesn't allow highlighting filtering.
Best,
Tavi
To save specific pages response from sitemap based on a regex.
Perhaps also an algorithm to detect chunked react JavaScripts to get them and merge them and then save them in one file (https://create-react-app.dev/docs/production-build/)
adding add-new-tab to the menu in repeater and intruder can help using them easier
Alphabetically with ASC/DESC feature
Using their styles then names
Tabs with fully numerical names should go in the end and sorted separately unless they have styles!
a button to check for update at start or when it is clicked (checked)
A feature that can be enabled or disabled by users globally. So setTitle can trim the string if it is larger than a certain amount.
It can ask the user for the size limit as well (default: 100 characters)
An apply size limit can also be provided to user to change the title of current tabs which are long.
Hello,
Would be ideal to persist tab locations on Burp restart (without having to manually load a configuration). Additionally, being able to move items to the "dropdown" area would be great.
Tags can be useful when searching / changing the style. They can even be used as the title in the future.
Ideas include:
Logger is now part of the Burp Suite so it needs to be added to the list.
See title
Icons that are small enough to preserve the height of the sub-tabs would be another way to further help identify tabs of interest. For example, "Proxy", "HTTP History", etc. could have smaller 16x16 icons (or similar).
To duplicate a tab with all its objects. This might be impossible given data in each tab could be linked to the same object if we just copy the objects as they are but would be interesting to implement.
FR: changing ...
to something more obvious like +
so it can be seen easily to add new tabs.
FR: make the main tool tabs and repeater/intruder tabs scrollable
The paste text into repeater and intruder tabs can be a good feature as well. At the moment, it only pastes it if it has been copied by Sharpener. So it can be good to have a text paste from clipboard as well (enabled only when clipboard contains a string).
Removing unimportant cookies can be done by removing cookies from a request one by one to see which one changes the response.
List of unimportant cookies can then be added to a list of target-specific unimportant cookies so they can be used for a passive removal or can be used to speed up the active removal by removing them first and carry out a test before removing other cookies one by one.
Change Icon blurs the icon
FR: add to subtab menu -> create custom predefined patterns -> then we need delete custom profile too!
When there are many tabs, enabling the scrollable tab may not show the current tab that we are working on.
FR: change repeater and intruder tab style based on some rules (in-scope, regex capture group, match regex, max length, current title, ...)
This will set a previous title and add a number in the end to make it unique. if the original tab exists and has a style, the style should be copied too.
Rather than having icons for the main tabs (repeater, proxy etc) it would be cool if we could assign a custom background color to the tab so it's quicker to identify than icons (since the icons still have similar colors).
pasting tab styles based on a string in the title (regex search in titles for paste)
Removing unnecessary headers from requests can be useful when creating PoCs to have a cleaner and smaller screenshot/poc.
This can be done in two ways:
A1- Passive: removing common unimportant headers (referer header might be useful to see how the link has been created or sometimes it is used as a CSRF protection)
B1- Active: removing target-specific unimportant headers first (if it exists) to see whether the response changes, if the response does not change then continue to step B3 otherwise discard the removal and then jump to step B2
B2- Active: removing common unimportant headers to see whether the response changes, if the response does not change then continue to step B3 otherwise discard the removal and then jump to step B3
B3- Active: remove headers one by one to see which one changes the response - remove the ones that do not change the result
B4- Add identified unimportant headers to the list of target-specific common unimportant headers so B1 can use it (target-specific is by HOST -> different paths can obviously have different requirements but we do not want to make it complicated)
C1- Passive: removing target-specific unimportant headers (only active when B4 was used previously)
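The active steps B1 to B4 above, sketched in Python as an added example (not part of the issue or of the extension's code); the cookie removal request earlier on the page follows the same loop. The `send` callback, the starter header list and the fake target are assumptions made for the illustration.

```python
from typing import Callable, Dict, List, Set, Tuple

Headers = List[Tuple[str, str]]

# Assumed starter list of "common unimportant" headers (not from the extension).
# Referer is left out because it may act as a CSRF check.
COMMON_UNIMPORTANT: Set[str] = {"accept-language", "dnt", "upgrade-insecure-requests"}
TARGET_UNIMPORTANT: Dict[str, Set[str]] = {}  # B4 store, keyed by host


def minimise_headers(host: str, headers: Headers, send: Callable[[Headers], object]) -> Headers:
    """Return the smallest header list whose response equals the baseline."""
    baseline = send(headers)
    current = list(headers)

    def try_remove(names: Set[str]) -> bool:
        nonlocal current
        candidate = [(k, v) for k, v in current if k.lower() not in names]
        if len(candidate) == len(current) or send(candidate) != baseline:
            return False  # nothing to drop, or the response changed: discard
        current = candidate
        return True

    known = TARGET_UNIMPORTANT.get(host, set())
    if not (known and try_remove(known)):      # B1, falling back to...
        try_remove(COMMON_UNIMPORTANT)         # ...B2
    for name in dict.fromkeys(k.lower() for k, _ in current):  # B3
        if name != "host":                     # assumption: Host is always kept
            try_remove({name})
    removed = {k.lower() for k, _ in headers} - {k.lower() for k, _ in current}
    TARGET_UNIMPORTANT.setdefault(host, set()).update(removed)  # B4
    return current


def demo():
    """Run twice against a constructed fake target; count requests sent."""
    sent = []

    def fake_send(headers: Headers):
        sent.append(1)
        h = {k.lower(): v for k, v in headers}
        if h.get("authorization") != "Bearer t0ken":
            return (401, "denied")
        return (200, "profile:" + h.get("x-tenant", "none"))

    request = [("Host", "app.example.test"), ("User-Agent", "demo"),
               ("Accept-Language", "en"), ("Authorization", "Bearer t0ken"),
               ("X-Tenant", "acme"), ("Referer", "https://app.example.test/"),
               ("DNT", "1")]
    first = minimise_headers("app.example.test", request, fake_send)
    first_count = len(sent)
    second = minimise_headers("app.example.test", request, fake_send)
    return first, first_count, second, len(sent) - first_count
```

Against a real target, exact equality of responses is too strict because of timestamps and tokens in the body; a comparison on status code and a normalised body would replace `!=`.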
move tab to the first, move tab to the last, move tab to a position by providing the number
Adding Repeater/Intruder tab search and jump to functionality
FR: copy cookies / paste cookies - or it can be a specific header / parameter etc - or it can be all headers without HOST/content-length/content-type/chunked...
This is to put multiple tabs in one group so they can be viewed easier. For example, informational issues under one etc.
Great extension!
The ability to change the Burp Suite default orange theme which applies to fonts, tabs, buttons, progress bars and more would be a nice change.
Copy:
Rename:
etc.
Burp has changed its internal UI so the extension fails in Repeater and Intruder tabs.
FR: change repeater and intruder tab titles based on some rules (in-scope, regex capture group, match regex, max length, current title, ...)