Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Burp new rest api feature

    Hi, I am trying to use rest api feature on my professional. But getting the problem with the POST call, when I send the post request with the URL, it is not doing the proper crawling and scan. And when I am sending data for the authentication login then login is also getting failed. And even for the POST call, I am not getting the response as 201 Created. Duw we have any demo doc or post for tha...

    1 Agent Answer    0 Community Answer
    Oct 25, 2018 10:14AM UTC
  • Application gives 500 internal server only when I use Burp

    Hi , I am using burp for all my applications I am working on and it works totally fine. But for one single domain it returns a 500 internal server when I use burp , if I turn the proxy off then the application loads fine . What am I doing wrong ? Pls help . Appreciate all the help.

    2 Agent Answers    2 Community Answers
    Oct 24, 2018 11:37PM UTC
  • How do I intercept and Add to Site Map requests PUT/UPDATE/HEAD/DELETE

    Hello, I am just in the middle of Web Service Pentest - REST API. I received Swagger documentation and right now I am trying to spider all the endpoints and methods to Burp. Problem is, I am not able to intercept any other requests than GET or POST. These ones are sucessfuly added to the Site Map and I can work with them further. But I want to add PATCH/PUT/DELETE/HEAD requests to the S...

    1 Agent Answer    0 Community Answer
    Oct 24, 2018 02:00PM UTC
  • SnipSegment

    Dear Support Center, Now I`m using REST API to check a happend issue and its response and request. But the data we`ve got the following API command does not have the all response. curl -vgw "\n" -X GET '' Some of it are hidden by SnipSegment. Is there any way to get the hidden response? Regards, Atsushi

    1 Agent Answer    0 Community Answer
    Oct 24, 2018 11:08AM UTC
  • BurpSuite Enterprise - Agent does not use upstream proxy server

    Hi everyone, I am currently evaluating Burp Enterprise. I installed all components on the same machine. On this machine I need to use a proxy to reach the Internet. This proxy listens on the loopback interface. I've successfully configured the enterprise server to use the proxy, allowing me to activate the product. However, when I start a scan, the agent finishes quickly with 7 unsucces...

    1 Agent Answer    1 Community Answer
    Oct 23, 2018 01:12PM UTC
  • Burp Suite Anti-CSRF POST

    I am trying to run intruder on an app that employs anti-CSRF tokens within forms. Each form has a unique token that must be submitted with a POST request otherwise the session is invalidated. The process is as follows: 1. A GET request is made for a form. 2. The server responds with a token in the body: <meta name="csrf-token" content="bSw4lWeAV" /> 3. A POST reque...

    1 Agent Answer    0 Community Answer
    Oct 22, 2018 05:22AM UTC
  • Burp CA in System and Google Play Store still report No internet connection

    Burp CA installed as trusted on the Android Nougat OS level rooted device, but Google Play Store still inform that there is "No internet connection. Make sure WiFi or cellular data is turned on, then try again". Other app work OK... Any hint?!?

    1 Agent Answer    0 Community Answer
    Oct 20, 2018 02:18PM UTC
  • Cross-site scripting (DOM-based)

    Hi, When I am doing an active scan on a website, I got an issue name Cross-site scripting (DOM-based) with Severity: High Confidence: Tentative Issue detail The application may be vulnerable to DOM-based cross-site scripting. Data is read from location.pathname and passed to $() via the following statement: $('.topbar-navigation-link[href^="/' + location.pathname.split...

    1 Agent Answer    0 Community Answer
    Oct 20, 2018 10:54AM UTC
  • Burp Enterprise - Scan Multi Step Login to Application

    There is a challenge in scanning the typical application with multi step authentication. The actual site however, to login to the site one has to authentication on and then gets redirected to I’m not sure how to setup a scan on this scenario. Could you please helpmeet further on this?

    2 Agent Answers    1 Community Answer
    Oct 20, 2018 12:59AM UTC
  • Burp Suite is corrupt is always corrupted when I download the file.

    I try two times download the *.sh file for linux But always I download the file this happens gzip: sfx_archive.tar.gz: not in gzip format I am sorry, but the installer file seems to be corrupted. If you downloaded that file please try it again. If you transfer that file with ftp please make sure that you are using binary mode. I recei...

    1 Agent Answer    1 Community Answer
    Oct 17, 2018 03:47PM UTC