Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • XSS DOM-Based

    Hi, I'm a relative n00b trying to understand DOM-based XSS from the following issue reported by Burp. I'm trying to figure out if this is false-positive or not. Having difficulty putting together a POC, identifying the sources and sinks. Data is read from window.location.pathname and passed to $() via the following statements: var href=window.location.pathname; href=href.substr(href...

    0 Community Answer
    Jun 19, 2018 04:14PM UTC
  • about web sockets

    we are using web socket to connect multiple systems, so one of my pc is having to capture the login request for an application so in that time when i capturing the request automatically it is capturing another url of websocket please help me out of this issue..

    1 Agent Answer    0 Community Answer
    Jun 18, 2018 10:56AM UTC
  • I can load https but not intercept.

    I want to load google.com,facebook.com via burpsuite.but i cannot. Burp suite works for http great but not for https. Please Help me. Thanks.

    1 Agent Answer    2 Community Answers
    Jun 17, 2018 02:15PM UTC
  • Not all Traffic is being intercepted between client and server

    Hello I’m working on a game called Marvel Contest of Champions. Basically I want to intercept all the packets and traffic between the client and server such as server request/client response for example: If you want to start and finish a fight, a packet is sent to the server and vice versa. However when I do the standard Burp Suite intercepting I only get 3 packets, not all of the packets o...

    2 Agent Answers    2 Community Answers
    Jun 17, 2018 12:03PM UTC
  • updates

    Why is it so that every time I open a new Burp session I get a pop screen stating that a new update is available. This happens even after updating it a few moments earlier. I'm trying to automate the scanning process and this popup is not allowing me to do so. How can i stop this.

    1 Agent Answer    0 Community Answer
    Jun 14, 2018 10:39AM UTC
  • Needs to know the kind of Security Pen-test in Prod Environment -Web AppSec

    Can someone tell me about the various security testing in Web Application involved without creating any junk data in DB or collapsing Duplicating data with original data present and testing will be done in Production Environment ? Please let me know testing involved like HTTP Head injection, Cookie Manipulation & LDAP injection etc...

    2 Agent Answers    1 Community Answer
    Jun 13, 2018 06:24PM UTC
  • %3cdiv Onload=alert() autofocus%3E%3c/div%3E

    Ignore this

    0 Community Answer
    Jun 13, 2018 03:02PM UTC
  • " Onload=alert()

    Ignore this

    0 Community Answer
    Jun 13, 2018 02:59PM UTC
  • Target for scan

    hey, if my target for scanning is https://xx.com, how would i create a rule or a policy to scan every sub-domain under the domain??

    1 Agent Answer    0 Community Answer
    Jun 13, 2018 02:31PM UTC
  • localhost in waiting forever

    Hi all, im trying to use burp suite with DVWA in order to make some experiments. Burp Suite is configured as written in the guide available in the website. 127.0.0.1 and 8080 as a port. My localhost as well works fine. Proxy activated under firefox with the same numbers as for Burp Suite. However, when i try to navigate the DVWA website, my localhost remains in waiting for so long time. I also tri...

    1 Agent Answer    0 Community Answer
    Jun 13, 2018 12:19PM UTC