Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • How to test Cross Site

    We have bought Burpsuite professional edition .Kindly let us know how to test cross site in our Application. In your tool it is not detecting Cross site in our application but other tool are detecting .Please tell us proper way to test for cross site.

    1 Agent Answer    0 Community Answer
    Aug 02, 2017 08:33AM UTC
  • Burp Collaborator Results & Errors

    Hi all, I was checking this one app, where, while using Collaborator feature, I noticed a seemingly inconsistent behavior. The app is protected by Cloudflare, and it is possible that WAF is also in use. I am using Burp's public collaborator server, and the Collaborator Everywhere extension. One of the scans was able to confirm External service interaction (DNS & HTTP) finding. The r...

    1 Agent Answer    0 Community Answer
    Aug 02, 2017 01:59AM UTC
  • scanning executable files

    Hello, I am looking for help on scanning a exe file that is on a website we are hosting. It always takes a long time to scan it and never finds anything. There is no errors message or timeouts. I try to find a way to scan this item better, I was not able to find anything. If I have miss something in forum please let me know. Rest of the website when I scan does great.

    2 Agent Answers    2 Community Answers
    Jul 31, 2017 04:28PM UTC
  • More info on "External service interaction (DNS)"

    While reviewing a web application, I got the "External service interaction (DNS)" issue. I googled for it and I got a grasp on what it could be possibly be, but I'd wish to have some suggestions on how to create a valid POC for this issue. In the vulnerable header I tried to put my own server IP, while observing the log of all the incoming requests. Sadly nothing showed up. Am I ...

    1 Agent Answer    0 Community Answer
    Jul 31, 2017 03:07PM UTC
  • Why the content discovery always check the .gif file?

    When I use the content discovery,I found this will genered a ton of task to check .gif filetype?maybe I missed some setting? Queued Tasks Path /Tasks /requests /xx/xx/images/ Test numeric variants on xx_f_040.gif 4 /xx/xx/images/ Test extension extension on xx_f_040.gif 9 /xx/xx/images/ Test extension extension on left_img_study.OLD

    1 Agent Answer    0 Community Answer
    Jul 31, 2017 09:24AM UTC
  • Getting err_cert_authority_invalid after following the instruction to configure in Android

    Hi, I am getting the error: err_cert_authority_invalid after i installing cacert in Android device. I follow the step that is available here and still getting this error. Please help. Thank you!

    1 Agent Answer    0 Community Answer
    Jul 31, 2017 05:44AM UTC
  • Burp Proxy and Microsoft Office Plugin?

    Trying to test a new app we're developing which has a plugin for Office that is a browser that allows for a template like builder pulling data from auth'd server. Tyring to figure out how to proxy that plugin w/in MS Office to test/validate traffic back to our server from client.

    1 Agent Answer    0 Community Answer
    Jul 28, 2017 09:08PM UTC
  • Remove entries from "Open existing project"

    Hello, how can I delete entries from Burp's "Open existing project" list without deleting or moving the burp files? Where does Burp maintain the list of existing projects? Thanks

    1 Agent Answer    0 Community Answer
    Jul 24, 2017 09:13AM UTC
  • Anti-CSRF Token Update/Burp Macro

    Hello, I have been testing out the macro functionality of Burp in order to update anti-CSRF tokens on requests. I'm having issues because when I record and test the macro, everything works fine and as intended but after I configure the session handling rules, the token never updates. I primarily am testing this using Intruder because the scanner is a little more difficult to identify defin...

    1 Community Answer
    Jul 21, 2017 04:45PM UTC
  • Whatsapp and twitter MITM

    Dears, Can anyone please assist why cant i intercept Whatsapp or twitter packets from mobile device even after installing the burp certificate and unpinned the app.

    2 Agent Answers    1 Community Answer
    Jul 20, 2017 09:30AM UTC