Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • How to change the Authorization header in scanner rule?

    I'm attempting to perform an active scan on a few requests that don't have the current authorization header. Every response in the logger++ output shows a 401 unauthorized because each scanner request is using an invalid auth header. I've looked at the rules creation wizard in the project options -> sessions tab, but it only allows you to modify cookies or parameters, not header ...

    1 Agent Answer    0 Community Answer
    Aug 17, 2017 06:17PM UTC
  • Configure Burp to recoginze traffic from a Visual Studio debug (Start)

    When I start up my application from Visual Studio and I hit "Intercept is on" in Burp, it doesn't seem to see what is happening in the web application. Any help on how to do this?

    1 Agent Answer    0 Community Answer
    Aug 16, 2017 08:48PM UTC
  • Include Intruder in project/state file?

    Is there a way to include the Intruder tool in the auto-saved project files, or in a state file? I know I can export each Intruder attack separately, but I'd love to not have to remember to do that manually at the end of the day...

    1 Agent Answer    1 Community Answer
    Aug 11, 2017 01:55PM UTC
  • More info on "Identify Backend Parameters"

    During a scan I have found an endpoint with the issue "Interesting input handling: Backend Parameter Injection". In the advisory there is the suggestion to click on the "Identify Backend Parameters" entry of the context menu. I did that, but I got no feedback: where should I look for any result and or progress? Do I have to leave some window open? Can you please give me more ...

    1 Agent Answer    1 Community Answer
    Aug 11, 2017 08:10AM UTC
  • Installing Burp-suite in Ubuntu 16.04 LtS

    How do I install burpsuite in Ubuntu 16.04 LTS , is there any .deb package available?

    1 Agent Answer    0 Community Answer
    Aug 09, 2017 02:46PM UTC
  • BSON Format

    Does anyone have experience testing endpoints that expect BSON content? Is it possible to implement a plugin that encodes the Active Scan payloads as to be able to stress these endpoints from Burp Pro? Thanks in advance.

    1 Agent Answer    0 Community Answer
    Aug 09, 2017 02:47AM UTC
  • Intercepting iOS traffic

    Burp is giving unkonown certificate errror while intercepting traffic for an ios app which is on https. The certificate has been added the trusted profiles and also app doesn't use certificate pinning .

    1 Agent Answer    1 Community Answer
    Aug 08, 2017 11:39AM UTC
  • Target Scope scan

    Good Day May I ask, how can I manually initiate a scan using the Target scope What I have is txt file with urls that has been loaded onto the Target Scope but I'm not sure how the scan is started Thank you Jabu

    1 Agent Answer    0 Community Answer
    Aug 07, 2017 08:43AM UTC
  • Find the actively scan defined insertion points

    How do I find which parameter I selected on "actively scan defined insertion points" feature in the context menu of the Intruder? If you go to Scanner tab there will be an item there but no information at all which parameter is been select for scanning. My suggestion is to highlight the parameter(s) on the "Base request" under "Show details" screen. Thanks! Rica...

    1 Agent Answer    0 Community Answer
    Aug 05, 2017 08:46PM UTC
  • Do not want to manually forward each request

    Hi, I am trying to leverage Burp proxy to obtain the API calls in our custom web application. I have a series of automated tests that I would like to run while Burp is running to obtain a list of the POST APIs with their data. Right now I am having to click the forward button for every request. Is there a way to just automatically forward the requests?

    1 Agent Answer    0 Community Answer
    Aug 04, 2017 12:50PM UTC