Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Can I customize the information stored in the project file?

    Hi there! I have created 2 macros that have registered about 5 items. By a session handling rules, I have run one macro before scanning and another macros running after scanning. Then, the project file have become very large capacity. (When the scan status was 5%, the project file was about 120 GB.) [Question 1] Can I customize the information stored in the project file ? [Question ...

    0 Community Answer
    Feb 22, 2018 07:31AM UTC
  • Intercepting Traffic

    I have a problem and I hope you can assist me. My burp suite can successfully intercept both http/https originated from my browser (CA already installed) but whenever I try an arpspoof attack it doesn't intercept anything although I can see it in Wireshark for instance. Furthermore, I am getting error in the Alert tab saying that "the client failed to negotiate an SSL connection to.....

    1 Agent Answer    0 Community Answer
    Feb 20, 2018 10:57AM UTC
  • Dropping requests to specific domains or hostnames without the Out-of-scope feature

    I have a handful of hostnames / domains that I want requests to those domains dropped. Most of the requests are automated in nature e.g. browser requests to ^detectportal\.firefox\.com$ or ^apis\.google\.com$, hence, they are relentless. Is there a 'clean' way to make Burp drop requests to these domains so they never get completed? My current way of doing this is not too elegant...

    2 Agent Answers    1 Community Answer
    Feb 20, 2018 04:43AM UTC
  • Intercepting Android version 8.1 HTTPS Traffic

    Hi there, I have a rooted Nexus 5x (Magisk rooted) with Android 8.1 installed. I have been trying to intercept traffic with Burp but I'm running into problems that I have never had before. There are only a few HTTPS requests that I can seem to intercept. Both in FireFox and Chrome, I get a "certificate untrusted" error in one form or another and I can't connect to HTTPS w...

    1 Agent Answer    0 Community Answer
    Feb 19, 2018 12:57AM UTC
  • burp web interface

    I am fresh new burp user, and already completed some of courses but now I cannot reach the burp web interface. Currently burp is working well but when I type http://burp it automatically sends me to tomcat it works page, not the burp page. Thanks and best regards.

    1 Agent Answer    0 Community Answer
    Feb 18, 2018 08:57PM UTC
  • burp suite not capturing HTTPS in proxy

    Hi, i followed all the setting ,and infact able to capture the request in proxy using other tool and i dont know why am not able to capture https request in proxy setting through burp suite. in proxy setting its endlessly buffering .

    1 Agent Answer    0 Community Answer
    Feb 16, 2018 07:24AM UTC
  • Extension priority during processHttpMessage()

    Say you have multiple extensions which implement processHttpMessage(). How is the extension priority defined? For an example imagine a SOC team asks you to make all your requests with the same user agent, how do you make sure your extension which will alter it will be the last one to apply?

    1 Agent Answer    0 Community Answer
    Feb 15, 2018 06:07PM UTC
  • Server configurations requirement for Burp suite Pro

    Hi Team, We would like to use Burp suite Pro to run the source code scan for web application. But we are not sure to calculate how much size of hard disk is required to run VA / PT and RAM requirement and OS requirements. Please guide me Best Regards Srini

    1 Agent Answer    0 Community Answer
    Feb 14, 2018 12:57PM UTC
  • Is their restrictions on testing Video upload with Generate CRSF PoC ?

    I am using the Generate CRSF PoC to test the CSRF vulnerabilities of my site. But the Submit Request button seems to be disabled or inactive when I create a HTML to retest the upload of a video to my site? Is their restrictions on this type of upload? Thank you

    1 Agent Answer    0 Community Answer
    Feb 12, 2018 12:23PM UTC
  • Burp Suite Proxy will not intercept the site after Intercept mode is on

    Even when intercept is turned on, burp suite does not intercept the request. I am able to see the HTTP request made under HTTP history and do an active scan but the status in scan queue gets stuck at 0% complete. Please advise

    1 Agent Answer    0 Community Answer
    Feb 09, 2018 04:46PM UTC