Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?


Feature Requests


Burp Extensions


Bug Reports


Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

  • Full Documentation Contents
  • Burp Projects
  • Suite Functions
  • Burp Tools
  • Options
  • Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

  • API documentation
  • Writing your first Burp Suite extension
  • Sample extensions
  • View community discussions about Extensibility

How Do I?


  • Validating File uploads

    Hi all, This may not be related to Burp Suite tool as such, but wanted to check if someone from this community could help. Situation: As a part of file upload checks, only certain file extensions are allowed. But we can easily change the extension (to one of the allowed extensions) and upload the files. For example, only doc, xls, pdf, txt files are allowed. But a .exe extension can be rename...

    0 Community Answer
    May 25, 2015 07:19AM UTC
  • Script a Proxy Match/Replace (or well really just an insert)

    Is there a way to script or conditionally to Match/Replace with the Proxy. Similar to what's in the "Options" tab but slightly more complicated. Specifically what I'm looking for a find requests that don't have a referer and insert a specific one. (i.e.: If request header doesn't contain referer then insert Referer: But I can also fo...

    1 Agent Answer    0 Community Answer
    May 21, 2015 07:03PM UTC
  • Target scope: Include the URL only once for scan

    My website is sending below GET requests (REST style), ... Now during an active scan, scanning one of the request is enough (saves time). Is there any way to set the scope to include the URL only once for scan? I tried the below config, but it did not work (all the URLs are excluded). Include scope:

    1 Agent Answer    0 Community Answer
    May 21, 2015 08:12AM UTC
  • Updating Cookie Jar based on redirected responses

    Hello! I'm having troubles updating burp's internal cookie jar based on redirected responses. Eg. I send a POST request to /whatever.jsp with a cookie SESS1=123, I get a response w/ 302 Found, when I follow the redirect I get a response and a Set-Cookie: SESS1=456. Next request therefore has to be sent w/ SESS1=456 otherwise it will be dropped/denied. Functionality very simi...

    1 Agent Answer    0 Community Answer
    May 19, 2015 07:24PM UTC
  • Getting Java Heap Space Error.

    Hi Team, Getting Java Heap Space error and eventually Burp Suite got hanged later on. Increase Java Heap Space as mentioned below but still not getting valid response. Increase the size as mentioned below but still issue exist. Please do needful. Xms1G -Xmx4G -XX:MaxPermSize=1024M Regards, Javed Parmar

    1 Agent Answer    0 Community Answer
    May 18, 2015 11:26AM UTC
  • Clone an online website to work offline with burp clone a google app with burp

    Good day. How do I clone a Google app with Burp Suite? I know how to spider an app. I know the difference, but can Burp clone a website like WGET or HTTRACK? Is it possible to use Burp to download a local copy of Google's XSS firing range?

    1 Agent Answer    0 Community Answer
    May 17, 2015 07:14AM UTC
  • Private Collaborator Server Refuses requests

    I am trying to setup a private Collaborator server, and am running into issues with the DNS server. The server starts up fine; listening on port 80, 443, and 53. However, when I run a "netstat -plntu" on the server port 80 and 443 are in the listen state, but not 53: Proto Recv-Q Send-Q Local Address Foreign Address State tcp6 0 0 ...

    3 Agent Answers    3 Community Answers
    May 13, 2015 07:01PM UTC
  • Spidering + Form Submission

    I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values" I have given a field name and field value and enabled it to be submitted. If there appears a value that is not in the list that I have given and let us assume I have not defined/selected "Set unmatched fields to:" field as well. In that c...

    2 Agent Answers    2 Community Answers
    May 13, 2015 07:17AM UTC
  • WCF binary decode failure

    I'm testing a fat client application that passes all its traffic through SSL, WCF binary encoded. It also looks like it is being compressed (Content-Type: x-deflate) which adds another level of PiTA. I'm using the "WCF Binary Helper" extension (props to Brian Holyfield and Nick Coblentz), which has worked fine for all applications that I have previously tested that use this met...

    2 Agent Answers    2 Community Answers
    May 12, 2015 01:45AM UTC
  • Dark/Alternate Java Look and Feel

    Hello, Is there any way to change the look and feel to anything other than the four in options? If not, are there plans to implement the dark metal/nimbus themes? Thanks! Colin

    3 Agent Answers    8 Community Answers
    May 11, 2015 04:48PM UTC