Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Set font via command line OR restore state via command line

    Is there a way to set the font size via a command line option, or restore a saved state via a command line option? For example: java -jar burp.jar --font-size=12 or java -jar burp.jar --restore-state settings.dat I am looking for a way to create two shortcuts to Burp that would automatically start with different font sizes (if possible!), for starting the GUI with the correct font size based...

    2 Agent Answers    2 Community Answers
    Jun 26, 2015 03:35AM UTC
  • Python Extensions

    I have installed Jython and installed several Python-based Extensions. I have configured 'Folder for loading modules' to point to /usr/lib/python2.7 (have also tried python2.7 and python3.2). All extensions fail. Most have an error reading, "NameError: name 'buffer' is not defined." Since this is applying to multiple extensions, guessing it is a Python/jython/Kali ...

    1 Agent Answer    2 Community Answers
    Jun 25, 2015 09:42PM UTC
  • Treating existing values in a parameter while scanning

    Hello, I am adding a URL for scanning that has 10 body parameters for scanning Out of the 10 parameters, 4 parameters are already filled with some values. Other 6 parameters are left blank. When we are active scanning - how will burp work when new crafted requests are sent ? - Will the exiting values of the parameter be removed and replaced with the attack string ? or will the attack st...

    2 Agent Answers    2 Community Answers
    Jun 25, 2015 06:41AM UTC
  • burpsuite_free_v1.6 with upstream proxy not able to intercept https traffic/sites.

    Hi Team, I have been using burpsuite_free_v1.6 with upstream proxy with Java version: C:\Users\Administrator>java -version java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b18) Java HotSpot(TM) Client VM (build 25.25-b02, mixed mode) And not able to intercept any https site traffic .Below are the alert remark from burpsuite which i m getting. ...

    2 Agent Answers    1 Community Answer
    Jun 23, 2015 01:26PM UTC
  • How to flag only new issues when Burp is run on a continuous basis

    Hi, I am trying to run Burp tests automatically from a test suite. I want to re-run these test suites every two weeks. I want to flag only the new issues when I re-run the burp tests. Is there a way to do this? The only thing I could find in the documentation is: The serialNumber element: contains a long integer that is unique to t...

    1 Agent Answer    0 Community Answer
    Jun 17, 2015 03:14AM UTC
  • Spider a application with form based login

    For spidering I filled in the scope at Target > Scope. And at Spider > Options I used for "Application Login" > "Prompt for guidance". But after running the spider as "Spider from here" (as it was the / site) only a small requests are made. If I do not use login, I get over 1000s of requests. 1) Do I see which requests are sent and what the responses...

    1 Agent Answer    1 Community Answer
    Jun 16, 2015 08:49AM UTC
  • Macro creation for variables that keeps changing for every request and response.

    Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx In the macro editor, under macro items, I have made the entries that will successfully login to the application. There are two requests. First is a GET request and second is POST request. First GET request goes without any parameters First GET response comes with...

    1 Agent Answer    1 Community Answer
    Jun 15, 2015 06:07AM UTC
  • How to use Burp Proxy with an emulated android device?

    Is it possible to route an emulated android device through Burp Proxy? I tried the instructions found here: But this says update the WIFI settings on the phone and when using an emulated device - WIFI is not available. Is there any way to route an emulated android device through burp proxy?

    8 Agent Answers    9 Community Answers
    Jun 13, 2015 02:38AM UTC
  • CSRF PoC vulnerability only succeeds while Proxying through Burp

    This may be a dumb question as I may not fully understand how this CSRF vulnerability is working. Scenario: Within the application using Spring / Spring Webflow, and Spring Security. I am able to create a PoC with Burp that will increase a User profile to an Admin status. The PoC will work every time while within the initial Admin session is active to is increase the access to the second U...

    1 Agent Answer    0 Community Answer
    Jun 10, 2015 03:41PM UTC
  • Java Socks Override on OSX

    Hi there, This is more a heads up rather than a question. I use a socks proxy via SSH/corkscrew when I am onsite at clients' sites to get unobstructed internet. To do this I set the OSX OS proxy settings to my socks server However, it seems as though Java picks this up automatically when Burp is run and these settings override the socks setting within Burp (this is also with ...

    1 Agent Answer    0 Community Answer
    Jun 04, 2015 02:02AM UTC