Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Cross-site scripting (DOM-based)

    Burp has created two different tentative DOM XSS issues with this description: "The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to $() via the following statement:" And these are the statements: var path = $(location).attr('pathname') ? $(location).attr('pathname').split('/') : []; and ...

    2 Agent Answers    1 Community Answer
    Jan 29, 2018 01:34PM UTC
  • Failed to connect website.com:443

    I'm having issues connecting to a website, I can connect without the proxy on but as soon as I enable the proxy and try to connect, Burp will give me the "Failed to connect to website.com:443". I've added the site to the Hostname Resolution project options and it would work for a bit, I doubled checked the the Burp ssl cert is loaded as well. I cannot tell whether it is on my...

    1 Agent Answer    0 Community Answer
    Jan 25, 2018 04:46PM UTC
  • Locked due to many failed login attempts as soon as i scan my application

    Issue 1: My application(https://test2.tstraining.com/) is getting locked due to many failed login attempts as soon as i scan my application. Am i sending bunch other invalid passwords ?? I see below article. I don't know whether it is useful on my case as I'm not finding any POST request with invalid password anywhere. https://support.portswigger.net/customer/en/portal/articles/2...

    1 Agent Answer    0 Community Answer
    Jan 24, 2018 09:09PM UTC
  • Viewing Issues

    After running a scan using Community Version v1.7.30 in free mode, I do not see a the Issues tab under Target >> Site Map. After looking at posted screenshots, I see a set of tabs above the Request | Response tabs. I do not have those tabs but instead have a listing of pages with column headers like Host | Method | URL | Params etc. How can I adapt the interface to show the Issues tab?

    1 Agent Answer    0 Community Answer
    Jan 23, 2018 03:27PM UTC
  • Support

    How to remove repeating same letters when brute forcing. Like the program won't make passwords llike aaaaaa or bbcghe because the letters repeat.

    1 Agent Answer    0 Community Answer
    Jan 22, 2018 03:31PM UTC
  • Unable to use Burp with proxy

    Setting my Firefox proxy server to 127.0.0.1:8080 for all protocols disallows me from connecting to any website at all. Error message: https://gyazo.com/dba7c96b3dd6920b33f1ccf2810b7826 Not only that, but the HTTP history always displays connections to "detectportal.firefox.com" as it's intercepting. https://gyazo.com/3b622cb3ce5934771769885724d2cba2 Any tips on how to ge...

    2 Agent Answers    1 Community Answer
    Jan 18, 2018 05:04PM UTC
  • Remote host connection closed during handshake

    Hi , Burp is not intercepting traffic when I am accessing app via company n/w with proxy However, when I am connected to my home n/w ( no proxy) I am able to intercept in Burp. Can you please advise ASAP Rds, Garry

    3 Agent Answers    3 Community Answers
    Jan 18, 2018 06:57AM UTC
  • Grep all responses for a specific string

    Hey, During my testing I usually enter some predefined strings into all possible fields. Lets say all my data looks like "AAAA-something" strings. Not always it is reflected immediately to the ouput. Is it possible to passively scan all server responses and grep them all for my specific strings ? I know this is possible in Intruder. But I need it as a passive scan feature while br...

    1 Agent Answer    1 Community Answer
    Jan 15, 2018 08:14AM UTC
  • Restore installed extensions

    Hey, Is it possible to install a selected number of extensions from BAppStore and restore them on Burp restart and new project creation? It is tedious to reinstall extensions everytime I start bounting on a new scope.

    2 Agent Answers    2 Community Answers
    Jan 11, 2018 06:36AM UTC
  • connection:close And Portswigger CA certificate untrusted by ESET Antivirus

    Hello, I have installed burp suite v.1.7.30 on windows 10 and configured Mozilla firefox accordingly. Every time I try to access any website ESET antivirus gives an alert saying "Encrypted Network Traffic, untrusted certificate" also in Burp Suite connection: close is shown. What do I do?

    1 Agent Answer    0 Community Answer
    Jan 10, 2018 01:18PM UTC