Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Increase single-thread scanner speed

    Not sure if this is a bug or the standard behavior, so posting here first. I tried this with burpsuite_pro_v1.6.11.jar and burpsuite_pro_v1.6.02.jar with the default initial config. The application was hosted locally with apache. Same results. When I setup the scanner to do several items at the same time I see all the configured threads running simultaneously. Some of them go really fast, at...

    4 Agent Answers    2 Community Answers
    Mar 05, 2015 08:45PM UTC
  • Usage of ssl certificates

    Hi, i have an address that is a restful service that requires an SSL cert inorder to access it the address starts as: https://certapi.t6.lmuk.local/ Please note: -This is an internal address the available to external networks - I'm quite new to Burpsuite Basically i'm trying to hit the address in firefox as it has been configured my proxy gone through the setting on both burp...

    1 Agent Answer    0 Community Answer
    Mar 03, 2015 12:29PM UTC
  • Invalid client request received: Dropped request looping back to same Proxy listener

    Getting the above error when trying to connect to WebGoat using port 8080 on my local host through Firefox. I've set up the Firefox proxy for localhost port 8080 and the same on Burp. Saw another post with the same problem which mentioned invisible proxies? Couldn't figure it out. Thought I'd start a new thread. Any help ASAP would be great.

    1 Agent Answer    0 Community Answer
    Feb 25, 2015 01:28AM UTC
  • Set one cookie equal to another in intruder

    I have a situation where a cookie is set in Javascript so it's not coming up under the "set cookie" header for handling in macro's. For this post I'll refer to this cookie as "window". No problem - I know the value is always equal to the Session ID. I am also trying to create a macro that also get's a new SessionID for every request (long story). There s...

    1 Agent Answer    0 Community Answer
    Feb 24, 2015 12:18AM UTC
  • How do I troubleshoot "failed to connect" messages?

    So, I load up Burp Pro, restore defaults (latest versions of burp and JRE), enable the proxy and then in Chrome, with FoxyProxy browse to the site I want to scan/spider. I add said site to scope, and then start spidering. In the alerts tab there will be an increasing number of alerts saying that I failed to connect to the site name, and the same thing happens when I use the scanner. Burp is ...

    1 Agent Answer    0 Community Answer
    Feb 19, 2015 11:53PM UTC
  • get the count (number of pages ) spider crawled

    How can i get the number of pages crawled by the spider

    1 Agent Answer    0 Community Answer
    Feb 19, 2015 09:55AM UTC
  • Transfer License from one laptop to other

    Hi, I have just got a new mac machine in lieu of a windows laptop. I'd my Burp Suite license on the windows machine. How do I transfer it to the Mac? Thanks, Nadeem

    2 Agent Answers    1 Community Answer
    Feb 12, 2015 03:47PM UTC
  • Can I change the domain name or IP address in stored state?

    Hello? I would like to scan actively in domain name B using stored burp state when I scanned passively with domain name A. B would run the same service that A have run. Is this possible? If then, could you let me know how to do it? Thank you.

    1 Agent Answer    0 Community Answer
    Feb 11, 2015 09:57PM UTC
  • How do I manual add a vulnerability

    Using the intruder functionality, i saw the application was vulnerable to a XSS (with a custom payload). Active/Passive Scan doesn't find it. So I have a hit but how can i flag this payload/result with this params as a match within the scanner result (or other place to be able to include this match into the final report) (and of course flag this with a type of XSS vuln and the relevant advi...

    7 Agent Answers    7 Community Answers
    Feb 10, 2015 01:16PM UTC
  • How do I replace the content of a whole file?

    Hi, a web app I am testing is requesting jar files from a web server. I want to replace the jar file the server sends back with a modified version. I can of course intercept the response and manually replace the response content, but this is error prone and takes time. I have certain timing issues that make manually pasting the jar file not an option. So, how do I replace the whole response ...

    2 Agent Answers    1 Community Answer
    Feb 05, 2015 10:18AM UTC