Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Form action hijacking

    Hola Working on site that is reporting the new Burp finding for Form Action Hijacking (Reflective). The application has a POST parameter that is place in the form action html tag. Would you consider this finding in the same category as an arbitrarily URL redirection finding obviously without the 302 redirect?

    2 Agent Answers    2 Community Answers
    Jun 20, 2017 09:40PM UTC
  • License

    Please let me know a single user license key can work if i moved it to some different system as in i am facing issues with my current PC where i have installed the burp license and i want to change my system, so the same key is going to work?? or it's abide to the installed-system only

    1 Agent Answer    0 Community Answer
    Jun 15, 2017 03:36AM UTC
  • Https not working on new phone

    Hi - Was able to use burp with my previous device (iphone 6), but trying to configure my new iphone 7 and not having any luck. Without cert installed I can access http sites with burp, but after installing the cert my device won't load anything and burp doesn't see any traffic - neither https nor http. I've gone through all the steps three different times and validated that PortSwi...

    1 Agent Answer    0 Community Answer
    Jun 13, 2017 01:20AM UTC
  • security testing

    Hi Team, We have tested one app in which we have set cookie as secure & HTTPONLY from code level. But still its showing us below issue during scanning. "Cookie without httponly flag set" Kindly suggest why its showing this if its already fixed. Thanks

    1 Agent Answer    0 Community Answer
    Jun 09, 2017 07:09AM UTC
  • Private Burp Collaborator Server is not working only for me apparently

    I'm trying to deploy an instance of Private Burp Collaborator Server but it seems that burp.jar is ignoring the parameter --collaborator-server. From the help I can see the option there. root@zion:~/Downloads# java -jar burpsuite_free_v1.7.23.jar --help Usage: --help Print this message --disable-extensions Prevent loading of extensions on startup --diag...

    1 Agent Answer    1 Community Answer
    Jun 08, 2017 09:42PM UTC
  • Analysing a token in hex format with sequencer

    Analysis of a token in hex format that is 4 bytes in total length, for example: AB FF 81 4E When I load a series of tokens into sequencer, it interprets the token lenght as 8, which is not the case. AB is one byte, FF is one byte and so on. How can I instruct Burp how many bytes the token consists of and that for example "AB" is one byte and not two. Thank you in advance and Kind Re...

    2 Agent Answers    2 Community Answers
    Jun 02, 2017 01:54PM UTC
  • Burp consumes all RAM

    Hi, I'm running Burp installed on linux (not the portable version) and it consumes all RAM on my machine, up to the point it closes itself. Is there a way to launch it, the same way that happens with the .jar version, limiting the memory it is assigned? Thanks in advance.

    1 Agent Answer    0 Community Answer
    Jun 02, 2017 10:16AM UTC
  • How do I use burp suite to scan hidden fields automatically

    How do I use burp suite to scan hidden fields that show up when I spider a website. When I spider a website, I get two option submit or ignore. How do I test those hidden fields automatically to make sure no one can use those to get any access or data from the website.

    4 Agent Answers    3 Community Answers
    Jun 01, 2017 09:08PM UTC
  • not able access the mobile request after a successful configuration.

    Not able access the mobile request after a successful configuration with the mobile device as instruction shown over the portswigger page can anyone help me quick need urgent.

    1 Agent Answer    0 Community Answer
    May 31, 2017 05:23PM UTC
  • hi

    Team, I am getting below error while running burp suite "client failed to negotiate an SSL connection to " " :443.remote

    1 Agent Answer    0 Community Answer
    May 29, 2017 08:43AM UTC