
Integrating Burp Suite with HP WebInspect

Users of both Burp and WebInspect can use the WebInspect Connector from the BApp Store to integrate the two products. The extension lets users of HP WebInspect transfer vulnerability details back and forth between Burp and their WebInspect instance via the WebInspect API. This gives users who already use Burp and WebInspect as part of their analysis process a more efficient workflow.

To use the integration, follow the instructions below.

First, install the WebInspect Connector extension from the BApp Store.

It is important to ensure that the WebInspect API is running and logged in using the same credentials as the WebInspect application.

Open HP Fortify Monitor from the HP WebInspect folder (C:\ProgramFiles\HP\HP WebInspect).

The values are set the first time Fortify Monitor is run and are based on the current user.

Use the Fortify Monitor icon in the system tray to configure and start the WebInspect API.

Configure the API port and host, then click "Start" so that the API listens for connections.

Alternatively, click "Start Web Inspect API" from the system tray menu.

The credentials can also be configured manually.

Open the services manager on your system.

Find the "WebInspect API" service and double-click it to open the "WebInspect API Properties" window.

Go to the "Log On" tab and ensure the credentials match those used by the WebInspect application (in this example, ".\user").

You can visit the API in your browser to check that it is running (for example: http://localhost:8083/webinspect).
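
The checks described above can also be scripted. The following PowerShell is an added example, not part of the original documentation or of the WebInspect Connector: it reads the "WebInspect API" service's state and log-on account, lists the addresses the API port is listening on, and probes the URL. It assumes the service display name and URL given in the text, and that it is run as the user who runs the WebInspect application.

```powershell
# Added example: checks the WebInspect API set-up before connecting from Burp.
# Assumed defaults (taken from the text): service display name and API URL.
param(
    [string]$ServiceDisplayName = 'WebInspect API',
    [uri]$ApiUrl = 'http://localhost:8083/webinspect'
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='$ServiceDisplayName'"
if (-not $svc) {
    Write-Error "Service '$ServiceDisplayName' was not found on this machine."
    return
}

# The service should log on as the same user as the WebInspect application.
# Assumption: this script is run by that user. ".\user" means a local account.
$current = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$logOnAs = [string]$svc.StartName
if ($logOnAs.StartsWith('.\')) {
    $logOnAs = $env:COMPUTERNAME + '\' + $logOnAs.Substring(2)
}

# Which local addresses accept connections on the API port?
$listenOn = @(Get-NetTCPConnection -State Listen -LocalPort $ApiUrl.Port -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty LocalAddress -Unique)

# Same check as opening the URL in a browser.
try {
    $resp = Invoke-WebRequest -Uri $ApiUrl -UseBasicParsing -TimeoutSec 10
    $http = "HTTP $([int]$resp.StatusCode)"
} catch {
    $http = "request failed: $($_.Exception.Message)"
}

[pscustomobject]@{
    ServiceState    = $svc.State
    ServiceLogOnAs  = $svc.StartName
    CurrentUser     = $current
    LogOnMatches    = ($logOnAs -ieq $current)
    ListenAddresses = $listenOn -join ', '
    LoopbackOnly    = ($listenOn.Count -gt 0) -and -not ($listenOn | Where-Object { $_ -notin '127.0.0.1', '::1' })
    HttpProbe       = $http
}
```

If `LoopbackOnly` is `False` while Burp runs on the same machine, the API port is also bound to an address other hosts can reach; tighten the host setting or restrict the port with a firewall rule.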

 

Return to Burp and go to the "WebInspect" tab.

Enter the appropriate details into the "Host" and "Proxy" settings.

Click the "Connect" button.

An updated list of scans should now be presented in the table below.

You can refresh the scans at any time using the "Refresh Scans" button.

Double-click one of the scans to bring up a specific scan tab.

You can send items from WebInspect to Burp by selecting one or multiple vulnerabilities in the WebInspect scan tab and using the context menu to perform the following actions:

  • Send to Spider
  • Send to Intruder
  • Send to Repeater
  • Create issue - this will add the vulnerability to Burp Target's site map.

Issues created in Burp's results are tagged with "[WebInspect]".

You can send items from Burp to WebInspect as follows:

Select one or multiple issues in the Burp Site map "Issues" section.

Right-click the issue to bring up the context menu.

Go to "Send to WebInspect".

Select an open WebInspect scan.

This will create the issue in WebInspect, and will also create a crawling session based on the selected base request.