Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Burp intruder extentions

    Hi, It would be nice if Burp intruder get some additional options. Like an trigger option to manipulate the scan data or automatically rescan if there is an error in the replay.

    1 Agent Answer    0 Community Answer
    Aug 09, 2017 08:21AM UTC
  • Ability to import traffic from .HAR files

    It would be great to have a feature that allowed us to import HTTP Archive (HAR) files to help facilitate automated testing and integration with other tools. https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/HAR/Overview.html

    1 Agent Answer    0 Community Answer
    Aug 08, 2017 06:59PM UTC
  • payload in the "target" tab of the intruder

    Hello, Could be possible for further releases, an option to specify the payload to be part of the IP address to connect to? For example, if I have a list of IP address to which I want to send an specific HTTP packet, there is no way to do that in the intruder, right? Is there any existing plugin to do that? Could this be a possible new feature? Thank you, Manuel

    1 Agent Answer    0 Community Answer
    Aug 05, 2017 07:08PM UTC
  • Intruder Column for Response Length Independent of Payload Size

    When looking for web application behavior in response to fuzzing, I'm often looking for changes in the response length. The problem is that reflected input could obscure minor variations in the response that is separate from the reflected input. A handy feature would be a column that subtracts the payload length from the overall response length to show a corrected length that is independent o...

    1 Agent Answer    0 Community Answer
    Jul 28, 2017 04:39PM UTC
  • BurpSuite Professional Activation Limit

    I am trying to install BurpSuite Licensed version from 1 system to another, after uninstalling it on the previous one. But I am getting a maximum activation limit error when I am trying to activate the same on the 2nd system. Can you please look into the same.

    1 Agent Answer    0 Community Answer
    Jul 24, 2017 11:50AM UTC
  • More hotkeys

    Hello! I use hotkeys a lot, but some trainees use them even more, either by choice (nerds) or not (disabled people). Everybody love Control + "=" (on by default, navigate between Intruder tabs) and Control + "G" (off by default, issue Repeater request), but I hear these requests quite often: - navigate between high-level tabs (Target, Proxy, Spider, Scanner, Intruder, .....

    1 Agent Answer    0 Community Answer
    Jul 22, 2017 10:27AM UTC
  • Stricter validation on Intruder payload "Dates"

    When configuring "Dates" payloads in Intruder, non-digits characters like whitespace produce surprising behaviors that are hard to debug (no visual feedbacks outside of the "Request count"). For exemple, from 20 July 2017 to 30 July 2017 with a 1-day step and the default format: - no whitespace: count = 11 - whitespace after day "20" in "From": count = ...

    1 Agent Answer    0 Community Answer
    Jul 20, 2017 05:38PM UTC
  • Multi-request payloads in intruder

    It would be neat to have multi request payloads in intruder. It could work somewhat like the current burp macros, where you can set up a sequence of requests to send, but the intruder would change some parameters. This is useful in cases where one request is sent to store a parameter and another can be used to trigger the processing of it.

    1 Agent Answer    0 Community Answer
    Jul 20, 2017 01:27PM UTC
  • Make CTRL-G a shortcut for the "GO" command in repeater

    Please add CTRL-G as a shortcut for the "GO" command in repeater to allow quick resending of a payload.

    1 Agent Answer    1 Community Answer
    Jul 20, 2017 01:24PM UTC
  • Allow Match and Replace to change destination hostname

    Please allow the Match and Replace function to change the destination address as well. It would make it easier to test certain scenarios where requests have to be rediredted to different hosts.

    2 Agent Answers    1 Community Answer
    Jul 20, 2017 01:23PM UTC