Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Unable to access our site on https

    Hi, I have downloaded the Burp Free edition and trying to test a web application running on https. When I configured Burp Proxy, my Chrome is denying to connect to the site showing a certificate error. I tried installing your certificate ca file with no luck. Any help is greatly appreciated. Wishes,

    2 Agent Answers    1 Community Answer
    Oct 07, 2015 06:00PM UTC
  • Intruder / Macro question

    Hi, I'm trying to get a macro working with intruder. The sequence I am trying to repeat is : POST XML data to server1/service.svc Receive a token from server one (in the response it can be found between <token> and </token> Send that token to a different server - in this instance GET server2/page.aspx?token=[value extracted from response from server1] After googling ...

    1 Agent Answer    0 Community Answer
    Oct 07, 2015 11:23AM UTC
  • support documentation

    i was hoping that you all had an all-encompassing user guide with all content in one doc. i found the following, which shows all help pages, but i'd really like to get all of that content in one file that i can review offline. here's the page containing linked content: thanks, -Donovan

    1 Agent Answer    0 Community Answer
    Oct 05, 2015 09:10PM UTC
  • How to pentest a web site that behind reverse proxy?

    Is it possible to pentest a web site that behind reverse proxy? If yes, how to?

    1 Agent Answer    0 Community Answer
    Oct 04, 2015 11:49AM UTC
  • Probable bug in session handling macro

    Hi I am using latest version of Burp and created a Macro to login to complex website. It requires at least four request to complete the login sequence. Below are the first three requests (sanitised) First Request GET /AppsLogin HTTP/1.1 Host: Response HTTP/1.1 302 Moved Temporarily Location: Set-Cookie: BIGipServe...

    1 Agent Answer    1 Community Answer
    Oct 03, 2015 03:55AM UTC
  • Intercept not working

    when proxying through burp, intercept is on but , its not intercepting the traffic(for me to drop or forward), but see traffic in http history

    1 Agent Answer    2 Community Answers
    Oct 02, 2015 06:17PM UTC
  • Multiple usernames as Prefixes when Base64 encoding authentication

    Hi, Is there a way to supply a list of usernames to be used as a prefix when payload processing prior to base64 encoding? I have an application which has a pop up authentication window to log in. The authentication mechanism Base64 encodes the username & password in a username:password format before forwarding it to the server, so i can only highlight the one position once it's sen...

    1 Agent Answer    0 Community Answer
    Oct 02, 2015 08:17AM UTC
  • Burp session handling in multiple scanner threads

    Hi all, I just wanted to know how burp handles in-session detection and subsequent macro execution while scanning using multiple threads. Suppose the following scenario. I log in the application and get a valid session token I browse the app and record several urls I want to scan. I set in session detection and application relogin in case I detect a logout. I choose them and start sca...

    4 Agent Answers    3 Community Answers
    Sep 30, 2015 03:15PM UTC
  • Session validataion and Loop issue

    I am active scanning a website which involves sessions. Number of threads for scanning is 5 - this means 5 requests will be sent at one time I am using a session handling rules to check if session is valid or not. Since I am using 5 threads, Lets say Thread 1 is sent and session handling rules finds it invalid session. So the macro will run, login process will happen(according to macro) a...

    1 Agent Answer    0 Community Answer
    Sep 30, 2015 01:09PM UTC
  • fatal alert: unknown_ca in Burp's "Alerts" tab

    Problem: When intercepting, the site I'm visiting doesn't render properly in my browser. Some resources do not load. Related: in BurpSuite's "Alerts" tab, I have dozens of lines like this one: "The client failed to negotiate an SSL connection to Received fatal alert: unknown_ca" Also for and and...

    1 Agent Answer    1 Community Answer
    Sep 29, 2015 06:17PM UTC