Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Extender API Parameters

    Hi! I'm developing an extension and I was wondering how can I get the vulnerable parameter for an issue. For example, in a Cross-site scripting as the one in the picture (, is there a method to get only the vulnerable parameter and not all of them? Also, is this documentation up to date?

    1 Agent Answer    0 Community Answer
    Dec 28, 2016 06:11PM UTC
  • Monitor new issues and create issues based on them

    Hello, I am attempting to write my first burp extension in Python, but I found myself stuck at adding issues to the list of findings. Basically, my code is monitoring for new issues within newScanIssue(self, issue) in the BurpExtender() class, and performing some task based on the issue type, etc. This is working fine and the core function is implemented, however results are printed to the c...

    1 Agent Answer    0 Community Answer
    Dec 22, 2016 02:25PM UTC
  • Reduced parameters to be checked in Scanner

    I'm trying to write an extension of BURP to reduce the number of checks to be done while performing and Active/Passive scan. Our tool already provides integrity validation for links and non-editable data, so my idea was to create an extension so that the number of checks performed by BURP is reduced not to include those. I'm reviewing the API for extension but I cannot figure out if t...

    2 Agent Answers    1 Community Answer
    Dec 19, 2016 01:25PM UTC
  • xssValidator Problems

    Hello, if anyone is usinf xss Validator, I really need help. I downloaded PhantomJS and also the xss,js file. I also downloaded Slimer but I have no idea where I get slimer.js. I think slimer is not needed, as I saw videos xssValidator working without slimer. I installed xssValidator in the extender, I started Phantomjs wih xss.js, then i send an testpage with a reflected xss vul to the int...

    1 Agent Answer    0 Community Answer
    Dec 17, 2016 12:17AM UTC
  • Create extender jar using burpsuite.jar in classpath

    Hi, I had a question regarding the process for properly building (compiling and creating jar files) Java burp extensions. According to the normal process for this, the Extender interface files should be exported from within Burp in the Extender tab. Then the extension can be compiled and a jar file created using commands such as "javac -d build burp/" "jar -cf ex...

    1 Agent Answer    1 Community Answer
    Dec 16, 2016 06:43AM UTC
  • Callbacks method to get the BurpExtender instance

    Is there a method in IBurpExtenderCallbacks or IExtensionHelpers to get the actual BurpExtender instance? If not, would you consider adding one?

    2 Agent Answers    2 Community Answers
    Dec 12, 2016 07:51PM UTC
  • Cannot load saved user options with --config-file in command line

    Dear Guys, My problem: I saved the user options into some JSON format configuration file, and then I can load it from GUI successfully, all the configured extensions are there, it's very good. However, I cannot load the configurations by starting Burp-Suite [latest version, 1.7.13, professional] from command line with "--config-file", all extensions are gone...And no clues there...

    2 Agent Answers    1 Community Answer
    Dec 08, 2016 06:06AM UTC
  • Cleanup Scheduler

    Hi everyone I am developing a custom Burp extension which basically modifies HTTP requests and responses (using IHttpListener) of various third-party tools. Since some of these tools are running for a rather long time, I would like to implement a scheduler which does a cleanup, lets say every 10 minutes. I was thinking about the following tasks: - Deleting the proxy history - Deleting the...

    1 Agent Answer    1 Community Answer
    Dec 07, 2016 09:31AM UTC
  • Hey guys

    İts a test post

    1 Agent Answer    2 Community Answers
    Nov 30, 2016 12:33PM UTC
  • Is there any method to get response in two different places

    Is there any method to get response in two different places

    3 Agent Answers    2 Community Answers
    Nov 25, 2016 03:26AM UTC