Releases: ScopeProof/ScopeProof-BurpExtension

ScopeProof v1.2.0 — Engagements, Triage & Workflow Views, UI Redesign

22 May 19:17

What's New

Engagements (Workspaces)

Isolated workspaces for each engagement — each one gets its own traffic records, annotations, scope, and Swagger baseline.

  • Engagement pill in the toolbar to switch, create, rename, or delete engagements
  • Manage Engagements dialog for full CRUD operations
  • Per-engagement persistence under ~/.scopeproof/engagements/{id}/
  • Existing users' data auto-migrates to a "Default" engagement on first run
  • Traffic captured during an engagement switch is buffered and flushed to the new engagement

Three Views

Switch between layouts using the Table | Triage | Workflow segmented control in the header.

  • Table — The classic coverage table with request list and Burp's native request/response viewers
  • Triage — Faceted sidebar (Priority, Depth, Method, Auth, Tag) + endpoint table + detail panel showing coverage percentage, attributes, test checklist, and notes for the selected endpoint
  • Workflow — Hero KPI cards (coverage donut chart, priority breakdown, activity sparkline) + a ranked "Next Up" queue showing what to test next, sorted by priority × depth × request volume

UI Redesign

Complete visual overhaul with teal accent color and updated typography.

  • KPI strip with coverage donut chart, progress segment bar, and mono-spaced big numbers
  • Restyled filter pills with count badges
  • Teal accent throughout — selected rows, active view indicator, brand wordmark
  • Design token system (Theme.java) for consistent colors, fonts, and spacing across all components
  • FlatLaf bundled for modern Swing component styling

Custom Painted Components

  • DonutPanel — Ring chart showing coverage percentage with centered text
  • ProgressSegmentBar — Stacked horizontal bar (tested / partial / untested / missing)
  • SparklinePanel — 14-bar activity chart with intensity grading

Other Improvements

  • "Edit" link next to Scope now opens Settings directly on the Filters tab
  • Faceted filtering in Triage view with live counts per facet
  • Triage detail panel updates on endpoint selection with coverage, attributes, and notes
  • Sort selector removed from filter row (table column sorting still works)

Install

Download ScopeProof-1.2.0.jar below, then in Burp Suite go to Extensions > Installed > Add and select the jar file.

ScopeProof v1.1.0 — Smart Priority Scoring & Filter Chips

15 Apr 16:02

What's New

Filter Chips

Quickly slice your coverage data with one-click filter chips across the top of the table:

  • All — Full endpoint list
  • Next Up — Prioritized testing queue, sorted by score
  • Untested — Endpoints with no manual testing
  • Missing — Swagger baseline endpoints not yet observed in traffic
  • High Priority — Critical and High priority endpoints
  • Has Exploits — Endpoints with confirmed exploit findings
  • Auth Only — Endpoints only tested with authenticated requests
  • Tested — Endpoints that have been manually or fuzz tested

Smart Priority Scoring

Priority is now a 0–100 score based on factual signals from your traffic, not guesswork:

  • Write methods (POST, PUT, DELETE, PATCH)
  • Path parameters (e.g. /users/{id})
  • Interesting parameters (id, token, file, redirect, admin, password, etc.)
  • Auth-only endpoints missing unauthenticated testing
  • 401/403/500 status codes observed
  • Testing depth gaps (Untested, Missing, Observed)
  • Missing payload/attack coverage

Hover over any Priority cell to see the score breakdown and reasons.
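
A sketch of how a signal-based score with a reason breakdown can be computed from the signals listed above, as an added example that is not ScopeProof's own code. The weights, the `Endpoint` fields and the function names are assumptions, since the release notes name the signals but not their values.

```python
import re
from dataclasses import dataclass

# Assumed weights (they sum to 100); the release notes name the signals only.
WEIGHTS = {"write_method": 20, "path_param": 10, "interesting_param": 15,
           "auth_only": 20, "error_status": 10, "depth_gap": 15,
           "no_payload_coverage": 10}
WRITE_METHODS = {"POST", "PUT", "DELETE", "PATCH"}
INTERESTING = {"id", "token", "file", "redirect", "admin", "password"}
NOTABLE_STATUS = {401, 403, 500}
DEPTH_GAPS = {"Untested", "Missing", "Observed"}

@dataclass
class Endpoint:              # hypothetical record, one per normalized endpoint
    method: str
    path: str                # already normalized, e.g. /users/{id}
    params: set              # parameter names seen in traffic
    auth_states: set         # subset of {"auth", "unauth"}
    statuses: set            # response status codes observed
    depth: str               # testing depth label
    payload_tested: bool     # any attack payload sent to this endpoint

def score(ep):
    """Return (score 0-100, list of reasons) for one endpoint."""
    signals = {
        "write_method": ep.method.upper() in WRITE_METHODS,
        "path_param": re.search(r"\{[^/{}]+\}", ep.path) is not None,
        "interesting_param": bool(INTERESTING & {p.lower() for p in ep.params}),
        "auth_only": ep.auth_states == {"auth"},
        "error_status": bool(NOTABLE_STATUS & ep.statuses),
        "depth_gap": ep.depth in DEPTH_GAPS,
        "no_payload_coverage": not ep.payload_tested,
    }
    reasons = [name for name, hit in signals.items() if hit]
    return min(100, sum(WEIGHTS[r] for r in reasons)), reasons

def next_up(endpoints):
    """Rank endpoints by descending score, as a 'Next Up' style queue."""
    return sorted(endpoints, key=lambda ep: score(ep)[0], reverse=True)

# Constructed sample endpoints, not real traffic.
SAMPLE = [
    Endpoint("GET", "/health", set(), {"auth", "unauth"}, {200}, "Manually Tested", True),
    Endpoint("DELETE", "/users/{id}", {"id"}, {"auth"}, {403}, "Observed", False),
    Endpoint("POST", "/login", {"username", "password"}, {"unauth"}, {200, 401}, "Fuzz Tested", True),
]

if __name__ == "__main__":
    for ep in next_up(SAMPLE):
        print(ep.method, ep.path, *score(ep))
```

Returning the reasons alongside the number is what makes a score auditable in a report: a reviewer can see which observed facts put an endpoint at the top of the queue.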

Auth State Column

New Auth column shows whether each endpoint has been tested with authenticated requests, unauthenticated requests, or both — making auth bypass gaps immediately visible.

Flag for Review

Right-click any request in Repeater, Proxy, or any Burp tool and select Flag for Review (ScopeProof). The endpoint is tagged as "Flagged" and appears in the Next Up chip instantly — perfect for manually queuing endpoints your analysis might have missed.

Auto-Refresh on First Load

ScopeProof now automatically imports your proxy history the first time the extension loads with no prior data. No more clicking Refresh to get started — open the tab and your coverage map is already there.

UI Improvements

  • Removed the Depth summary card (replaced by filter chips)
  • Per-column header tooltips with depth legend, auth state explanations, and edit hints
  • Subtle background tint on Swagger baseline "Missing" rows
  • Streamlined toolbar — JSON/CSV export moved to menu bar

Context Menu Fixes

  • Report Finding and Flag for Review now work correctly when right-clicking inside Repeater's editor pane (not just from the request list)
  • Context menu items grouped with separators: Testing | Reporting | Analysis

Upgrade

Replace your existing ScopeProof.jar with ScopeProof-1.1.0.jar in Extensions > Installed > Add. All existing data (traffic, notes, tags, baselines) is preserved automatically.

ScopeProof v1.0.0 — Initial Release

11 Apr 01:40

What's New

First public release of ScopeProof — a proof-of-testing coverage tracker for Burp Suite.

Features

  • Real-time traffic capture from Proxy, Repeater, Intruder, Scanner, and all Burp tools
  • Endpoint aggregation with smart path normalization (/users/123 → /users/{id})
  • Testing depth classification — Thoroughly Tested, Fuzz Tested, Manually Tested, Observed, Untested
  • Priority scoring based on HTTP methods, parameters, auth state, and testing gaps
  • Custom payload detection — define your own signatures per category (XSS, SQLi, etc.)
  • Intruder payload generators — fire your custom payloads directly from Intruder
  • Scope filtering with wildcard support and Burp target scope import
  • Persistent storage — data survives Burp restarts with auto-save
  • JSON & CSV export for reports and deliverables
  • Context menu integration — mark tested, flag decoder usage, tag payloads
  • ScopeProof Pro upload — optional cloud sync for team dashboards

Installation

  1. Download ScopeProof-1.0.0.jar below
  2. In Burp Suite → Extensions → Add
  3. Set type to Java, select the jar file
  4. A ScopeProof tab will appear — start testing

Requirements

  • Burp Suite Professional or Community Edition
  • Java 17+ (bundled with modern Burp releases)