Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Manipulate Header Request Parameter in Extension

    Hi, I want to build up a automatic test system for a json api. My plan is as follows: Initially I get a fresh login token. Then i get into the proxy (processProxyMessage) and to replace the token with my freshly acquired login token. My problem is that I cannot update the content of my request. The token just doesnt change. Pseudocode: public void processProxyMessage(boolean messageIsRe...

    0 Community Answer
    Mar 27, 2017 04:09PM UTC
  • SiteMap & Spider Out-Of-Scope Entries

    Hi, I have an application that I'm testing with thouthands maybe more of urls like example.com/[0-9]+ and I don't want to go thru them all not in Sitemap/Proxy/Spider so first I setup a rule in Scope Exclude with ^example\.com$ ^/[0-9]+.* and I have this settings in: Spider/Control/Spider Scope: Use Suite Scope Project Options/Connections/Out-Of-Scope: Use Suite Scope and Drop ...

    1 Agent Answer    0 Community Answer
    Mar 26, 2017 10:01PM UTC
  • How to switch ip addresses per 6 requests?

    Hi, I am trying to run a attack on a login page. The problem is that it locks me out every 6 requests. Is their a way to change an IP on every 6 requests? I have tried the IP address header extension but when I run it does not work, does anyone know of a way to do what I need? A way to change an ip in burp suite every 6 tries ? Does the extension I listed work for what I am trying to do? If th...

    1 Agent Answer    0 Community Answer
    Mar 26, 2017 06:32AM UTC
  • set up burp suite on a remote host in order for

    Hello support... I am looking to have burp suite set up on a remote host in order and our teams connect using a web browser if possible to run pentests on webapps? Thanks, Sam

    1 Agent Answer    0 Community Answer
    Mar 25, 2017 01:34AM UTC
  • auto login

    Hi, Burp offers macro to auto login. I was able to record macro, and the macro will add new cookies in the cookie jar, and the subsequent requests use the new cookies. However, the subsequent requests need one additional string in the request header (not in cookie), otherwise the requests will fail. This additional string, (for CSRF attack) is in the response during the login process. ...

    1 Community Answer
    Mar 24, 2017 04:07PM UTC
  • problem in using burp suite

    I can't listen on 127.0.0.1:8080. I am able to listen on another port (for e.g. 127.0.0.1:8000). when I am connected to port 8000 ,{{ connection : close }} .I know, It should be {{connection : keep alive }}. i have watched every video on youtube , how to configure. but i am not able to solve this....problem 1: why cant I listen on port 8080.. problem 2 : {{ connection : close}}

    1 Agent Answer    0 Community Answer
    Mar 24, 2017 07:17AM UTC
  • Filter

    How do I add a filer which can just Drop/Intercept/Delay a specific format of message?

    1 Agent Answer    0 Community Answer
    Mar 23, 2017 07:23PM UTC
  • Pretty JSON

    Hi, I'm using the latest BurpSuite Pro and I noticed that "Pretty" script from BApp Store just vanished. So, now if I want to beautify JSON response, how can I do it ? Cheers,

    1 Agent Answer    0 Community Answer
    Mar 22, 2017 01:58PM UTC
  • Calling a saved Intruder Attack using Extender.

    Hi, I am creating an Extender that will run an Intruder Attack every day at a specific time. The first step that I wanted to do is run a saved attack. Using which API I can accomplish the above. Thanks in Advance.

    1 Agent Answer    0 Community Answer
    Mar 22, 2017 08:13AM UTC
  • Analyzing different response page with Intruder & Scanner

    Can Burp do the following scenario: Request Page: www.example.com/account=123 Response Page: www.example.com/account-submitted View Account: www.example.com/viewAccount So I would like Burp intruder to submit the request www.example.com/account=123 but analyze a different page www.example.com/viewAccount rather than the response of www.example.com/account=123. And is it possible to do it f...

    1 Agent Answer    0 Community Answer
    Mar 21, 2017 04:42PM UTC