Using Burp with Selenium

Selenium is a portable tool for automating browsers in the testing of web applications. You can use Burp Suite to check for vulnerabilities during a run of your Selenium tests. This article demonstrates how to proxy Selenium test traffic through Burp Suite and how to passively and actively scan that traffic for vulnerabilities.

There are two ways to ensure that traffic from your Selenium tests proxies via Burp Suite.

First, you can configure the Selenium driver to proxy via your instance of Burp Suite.

Alternatively, you can configure your proxy at the OS level.

When you configure the browser associated with the Selenium tests to use Burp, the proxy settings will be respected and traffic from the tests will pass through Burp Suite.
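For the first option, the sketch below (an added example, not code from the original article) builds the W3C WebDriver proxy capabilities for a Burp listener and checks that the listener is reachable before starting Chrome. It assumes Burp's default listener at 127.0.0.1:8080 and Selenium 4 for Python; `burp_capabilities`, `listener_is_up`, `make_driver` and the `ca_installed` flag are illustrative names, and the URL is a placeholder.

```python
import socket

BURP_HOST, BURP_PORT = "127.0.0.1", 8080  # assumed: Burp's default proxy listener


def burp_capabilities(host=BURP_HOST, port=BURP_PORT, ca_installed=False):
    """Return W3C WebDriver capabilities that send HTTP and HTTPS via Burp."""
    if not 0 < port < 65536:
        raise ValueError(f"invalid proxy port: {port}")
    endpoint = f"{host}:{port}"
    caps = {"proxy": {"proxyType": "manual",
                      "httpProxy": endpoint,
                      "sslProxy": endpoint}}
    if not ca_installed:
        # Burp re-signs TLS traffic with its own CA. Without that CA in the
        # browser's trust store, HTTPS pages fail unless the test profile
        # accepts untrusted certificates. Use this only for test browsers.
        caps["acceptInsecureCerts"] = True
    return caps


def listener_is_up(host=BURP_HOST, port=BURP_PORT, timeout=2.0):
    """True if something accepts TCP connections on the proxy address."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def make_driver(host=BURP_HOST, port=BURP_PORT, ca_installed=False):
    """Start Chrome through Burp; fail early if the listener is down."""
    if not listener_is_up(host, port):
        # Otherwise every page load in the test run fails with a proxy error.
        raise RuntimeError(f"no proxy listening on {host}:{port}")
    from selenium import webdriver  # imported late: helpers above need no Selenium
    options = webdriver.ChromeOptions()
    for name, value in burp_capabilities(host, port, ca_installed).items():
        options.set_capability(name, value)
    return webdriver.Chrome(options=options)


if __name__ == "__main__":
    driver = make_driver()
    try:
        driver.get("http://example.test/")  # placeholder URL for the app under test
    finally:
        driver.quit()
```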


Before running your Selenium tests, go to the "Proxy Intercept" tab and ensure that interception is off (if the button says "Intercept is on", click it to toggle the interception status).

With your proxy configuration set, run your Selenium tests in the normal manner.

Traffic from the tests will now be captured in Burp Suite.

While the Selenium tests are running, Burp will passively report various issues that it observes.

After the Selenium tests have run, you can then carry out active scanning on the captured requests.

For example, you can select everything in the Proxy history and choose "Do an active scan" from the context menu.