Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • The type element in the XML report

    From manual about Reporting: >> The type element contains an integer that uniquely identifies the issue type (SQL injection, XSS, etc.) For example, for SQL injection Type index is 0x00100200 (from here: Why in the XML report is using different index (1049088 for SQL inj) and where I can get this index for other types of vulnerabilities? <issues b...

    1 Agent Answer    0 Community Answer
    Jun 21, 2018 09:03PM UTC
  • Scanning abandoned due to too many errors (0% complete)

    Hi, I am trying to scan and almost all the requests are getting abandoned due to errors and when checked in Alerts tabs it says "Timeout in transmission from". Initially my application was accessible,and after getting error i cant access my application. i tried by enabling throttling. What is missing here?

    1 Agent Answer    0 Community Answer
    Jun 21, 2018 10:26AM UTC
  • Android traffic interception when app is accessed via VPN

    hi , My Android app is accessible only when connected via VPN connection on my Android device. Please tell me how to intercept app traffic on my laptop running Burp tool Regards, Garry

    2 Agent Answers    1 Community Answer
    Jun 21, 2018 05:22AM UTC
  • download sarfari CA certificate

    According to the instructions, it says: In Safari, visit the warning dialog titled "Safari can't verify the identity ..." click "Show Certificate". Well, i go to to that site, using Safari, and I don't get that warning message, yet when I check my installed certificates, there isn't one. How can I install it without clicking on tha...

    1 Agent Answer    0 Community Answer
    Jun 20, 2018 04:41PM UTC
  • XSS DOM-Based

    Hi, I'm a relative n00b trying to understand DOM-based XSS from the following issue reported by Burp. I'm trying to figure out if this is false-positive or not. Having difficulty putting together a POC, identifying the sources and sinks. Data is read from window.location.pathname and passed to $() via the following statements: var href=window.location.pathname; href=href.substr(href...

    1 Agent Answer    0 Community Answer
    Jun 19, 2018 04:14PM UTC
  • about web sockets

    we are using web socket to connect multiple systems, so one of my pc is having to capture the login request for an application so in that time when i capturing the request automatically it is capturing another url of websocket please help me out of this issue..

    1 Agent Answer    0 Community Answer
    Jun 18, 2018 10:56AM UTC
  • I can load https but not intercept.

    I want to load, via burpsuite.but i cannot. Burp suite works for http great but not for https. Please Help me. Thanks.

    5 Agent Answers    7 Community Answers
    Jun 17, 2018 02:15PM UTC
  • Not all Traffic is being intercepted between client and server

    Hello I’m working on a game called Marvel Contest of Champions. Basically I want to intercept all the packets and traffic between the client and server such as server request/client response for example: If you want to start and finish a fight, a packet is sent to the server and vice versa. However when I do the standard Burp Suite intercepting I only get 3 packets, not all of the packets o...

    3 Agent Answers    3 Community Answers
    Jun 17, 2018 12:03PM UTC
  • updates

    Why is it so that every time I open a new Burp session I get a pop screen stating that a new update is available. This happens even after updating it a few moments earlier. I'm trying to automate the scanning process and this popup is not allowing me to do so. How can i stop this.

    1 Agent Answer    0 Community Answer
    Jun 14, 2018 10:39AM UTC
  • Needs to know the kind of Security Pen-test in Prod Environment -Web AppSec

    Can someone tell me about the various security testing in Web Application involved without creating any junk data in DB or collapsing Duplicating data with original data present and testing will be done in Production Environment ? Please let me know testing involved like HTTP Head injection, Cookie Manipulation & LDAP injection etc...

    2 Agent Answers    1 Community Answer
    Jun 13, 2018 06:24PM UTC