Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Integrating Burp Suite with ThreadFix

ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.

The ThreadFix extension in the BApp Store provides an interface between Burp and ThreadFix, allowing you to upload Burp Scans to ThreadFix for further analysis and action.

With threadFix installed and configured, install the ThreadFix extension from the BApp Store.


Having used Burp Scanner on the web application you are testing, you can now export the scan results to ThreadFix.

Go to the ThreadFix "Main" tab and click "Export Scan".


Unless you have configured these settings in options, you will be asked to enter the URL you are using for ThreadFix and the API key.



You can generate an API key by going to the ThreadFix options menu.


Click "Create New Key".

Enter a name you would like to associate with your API key and click "Create Key".


ThreadFix should inform you that the Key has been successfully created.

Select and copy the key.


Enter the key in to the "API Key" box and click "Ok".


You will now be able to upload the scan to Threadfix.


You can use the ThreadFix "Options" tab to configure the settings above and to select an Application that the uploaded scan will be associated with.


Any uploaded scans will be now be available via the ThreadFix application.