Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Burp CA in System and Google Play Store still report No internet connection

    Burp CA installed as trusted on the Android Nougat OS level rooted device, but Google Play Store still inform that there is "No internet connection. Make sure WiFi or cellular data is turned on, then try again". Other app work OK... Any hint?!?

    0 Community Answer
    Oct 20, 2018 02:18PM UTC
  • Cross-site scripting (DOM-based)

    Hi, When I am doing an active scan on a website, I got an issue name Cross-site scripting (DOM-based) with Severity: High Confidence: Tentative Issue detail The application may be vulnerable to DOM-based cross-site scripting. Data is read from location.pathname and passed to $() via the following statement: $('.topbar-navigation-link[href^="/' + location.pathname.split...

    0 Community Answer
    Oct 20, 2018 10:54AM UTC
  • Burp Enterprise - Scan Multi Step Login to Application

    There is a challenge in scanning the typical application with multi step authentication. The actual site however, to login to the site one has to authentication on and then gets redirected to I’m not sure how to setup a scan on this scenario. Could you please helpmeet further on this?

    0 Community Answer
    Oct 20, 2018 12:59AM UTC
  • Burp Suite is corrupt is always corrupted when I download the file.

    I try two times download the *.sh file for linux But always I download the file this happens gzip: sfx_archive.tar.gz: not in gzip format I am sorry, but the installer file seems to be corrupted. If you downloaded that file please try it again. If you transfer that file with ftp please make sure that you are using binary mode. I recei...

    1 Agent Answer    1 Community Answer
    Oct 17, 2018 03:47PM UTC
  • why my base response in scanner is incorrect

    I have a POST request POST /request/<ID> which gives successful response(200 OK) for a unique id value. But if the same id value is used again, then we get 4XX series of response with an error stating ID already exists. How do I scan such a request? I send this request to repeater, change the ID value and click Go. I get a successful response in Repeater. But if open the request in ...

    1 Agent Answer    0 Community Answer
    Oct 16, 2018 10:54AM UTC
  • Burp 2.0 Rest API documentation

    Where can I get detailed documentation of the Burp 2.0 Rest API ( particularly its usage. I tried using it by first invoking the SCAN method - I supplied the target url, application_logins, etc. It appears to have succeeded as it returned "201 Created" response. However I don't know how to retrieve the scan results and/or kno...

    1 Agent Answer    0 Community Answer
    Oct 15, 2018 09:06PM UTC
  • Identifying presence of mobile code (STIG assessment)

    Is there a list/suite of signatures to check for the presence of mobile code?

    1 Agent Answer    0 Community Answer
    Oct 15, 2018 02:33PM UTC
  • I can get response in browser but can't when go through Burp

    I'm using Burp to find the real video file URL of a web page. I can play the video without any issue in the browser. However, when I set the browser to go through Burp, it simply didn't get the response and wait indefinitely. I can see there are some other requests and responses captured in Burp. It's just the video didn't play. Are there any settings I missed? Any suggestions?...

    1 Agent Answer    0 Community Answer
    Oct 14, 2018 03:44PM UTC
  • what payload type I should use in intruder , if password pattern has characters that are known

    I am trying to brute forcing a login page using the intruder , attack type cluster bomb , I have defined the payload set 1 for username , in payload set 2 I want to brute the password , noting that I know that the pass length is 8 characters , and characters 3 & 4 are known for me , example I know that they will be ## , so I want the payload type that can help me brute force character 1, 2, 5 ...

    1 Agent Answer    0 Community Answer
    Oct 13, 2018 11:19PM UTC
  • 1539392247666 Proxy [3] The client failed to negotiate an SSL connection to

    Hello, I am trying to connect burp to my phone. I make proxy listener on all interfaces and on port 8080. I then go to my ios device and connect to that proxy. I open up anything and it says "1539392247666 Proxy [3] The client failed to negotiate an SSL connection to Remote host closed connection during handshake" I have no idea why it does this. I have ins...

    1 Agent Answer    0 Community Answer
    Oct 13, 2018 01:01AM UTC