Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Huge project files when scanning

    Hi, I'm using Burp Pro 1.7.33 and I noticed that the scanner is generating huge amounts of project data with no apparent reason. I'm talking about 1GB per minute more or less for a single scan which has the Burp Collaborator disabled. My scan generated around 3000 requests and the project file went from 30MB to 12GB. Is there a reason for the huge disk space increase? What's cu...

    4 Agent Answers    3 Community Answers
    Apr 16, 2018 04:28PM UTC
  • Scanner Cookies Error

    Hi, I'm using Burp Professional 1.7.33. MacOS ver. Burp suite logged the first cookies for Scanner. I logout from website and I sign in with different membership. After I'm using Scanner. But cookies not true, because payloads have first cookies. So, scanner not working true. I'm sorry for my bad English. Thanks :)

    1 Agent Answer    0 Community Answer
    Apr 11, 2018 04:56PM UTC
  • Does Burp try to send unsent files.

    A server team is reporting that it is still receiving attack strings and file upload attacks from my scan even though I stopped scanning more than one week ago. Is it possible that Burp (or my OS) is still trying to send unsent attacks when I open it back up? Does it have a queue of unsent attacks that would go out even though scanner is paused? This particular scan was very resource intensiv...

    1 Agent Answer    0 Community Answer
    Apr 06, 2018 05:43PM UTC
  • software-caused-connection-abort-recv-failed

    Hi Team, I get this error message while running Burp Suite spider & scanner against multiple post request using asp.x application which are using xrftoken or key in body content : Software caused connection abort: recv failed and Authentication failure & transmission timeout. Does this issues happens only due to varies in xrftoken or key present in the b...

    1 Agent Answer    0 Community Answer
    Mar 28, 2018 04:03AM UTC
  • Issue Definitions

    Hi, Below page contains a list of issue that Burp Suite can report. It will be really helpful if it can hint about the cause and possible fix for it. We really don't have idea what is the cause and what is the fix. Is there any documentation available?

    2 Agent Answers    1 Community Answer
    Mar 27, 2018 02:58PM UTC
  • Burp Suite has reported about use of Permanent or persistent cookies on client machine.

    Burp Suite has reported about use of Permanent or persistent cookies on client machine. Should we stop using them? What are the alternatives available?

    5 Agent Answers    4 Community Answers
    Mar 27, 2018 02:20PM UTC
  • What is Private IP addresses disclosed reported by Burp Suite.

    What is Private IP addresses disclosed reported by Burp Suite, and how to fix it. Please let us know what can be the cause of this issue and how to fix it.

    4 Agent Answers    3 Community Answers
    Mar 27, 2018 10:55AM UTC
  • What is abuse of functionality reported by Burp suite

    Our security team has reported something called [What is abuse of functionality], by which the user entry can be altered to some other value, even though we have validation for it. Lets say, one can choose max next 30 days but using burp suite they could change it beyond that. Please explain what exactly this attack is . How do I reproduce it without Burp.And what is the fix for it. I am not...

    1 Agent Answer    0 Community Answer
    Mar 24, 2018 04:27PM UTC
  • skip server-side injection not preventing requests

    Adding an entry to "Skip server-side injection..." in the Scanner Options does not prevent that (for instance) parameter from being actively tested, i.e. making requests with payloads on that parameter. I need to add the exclusion entry to the "Skip all tests for these parameters" option to ensure no payload is injected in that parameter, thus preventing any request with that ...

    3 Agent Answers    3 Community Answers
    Mar 22, 2018 02:55PM UTC
  • Automatic backup failed

    Get this message: Burp Suite Professional 1.7.32. Not sure if there are any error logs I could look at anywhere?

    1 Agent Answer    0 Community Answer
    Mar 16, 2018 11:12AM UTC