Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • HOW I DO

    hi team can u tell me how i set up and run the burp suite. i already download burp suite community edition .

    1 Agent Answer    0 Community Answer
    Apr 04, 2018 07:23PM UTC
  • Potential False Positive DOM Based XSS

    Hi, Burp reported just this below line as Dom Based XSS vulnerability as Severity: High, Confidence: Tentative. I didn't find a way to exploit this line within a scenario since there is no parameter exists that can be user controllable. When I debug from console currentURL parameter, only real location of url is returned. How can this type of XSS vuln can be exploited, or is it a false pos...

    1 Agent Answer    0 Community Answer
    Apr 03, 2018 04:23PM UTC
  • Headless scan in BURP with bearer token

    I am trying to do some automated scanning with BURP in an ervironment that requires token authentication. For this purpose I need to login before each session to get a bearer token. This token is in the body of the login response. Now I need to get this token and put it in the header of all following requests. I intend to run this scan headless from a command prompt. What I have so far: I hav...

    3 Agent Answers    3 Community Answers
    Apr 03, 2018 01:53PM UTC
  • Burp workings

    Hii...I have tomcat server running which has vulnerable websites for the purpose of learning how to hack them..I have installed burp suite and now it is intercepting the requests but not forwarding the requests to tomcat server my forwad button under proxy intercept tab is disabled ....what do i do now plss help

    1 Agent Answer    0 Community Answer
    Apr 01, 2018 05:21AM UTC
  • Can you implement the Send Intruder technique to a project in Java, Android Studio or php??

    I would like to know how Burp Suite performs the capture of the http request and how it is modified and how it is sent back to the destination server with the POST method. And I would also like to know if that attack can be implemented to a project in Java, Android Studio or php. Thank you

    1 Agent Answer    0 Community Answer
    Mar 31, 2018 06:16PM UTC
  • Delete issues through extension

    I created a burp extension in python that scans from a list of URLs and generates a report after it is done. I'm not able to find a method in the API that allows me to clear all reported issues. Is this possible? If so it would be great if you can provide a sample solution.

    1 Agent Answer    0 Community Answer
    Mar 30, 2018 06:16AM UTC
  • Scope Control

    Domains can be in one of three states: in scope, out of scope, or undecided. A domain is undecided if it is not mentioned by any of the in/out of scope rules. In the site map, I would like Burp Suite to hide domains that I explicitly defined as out of scope, but display everything else (i.e. domains that are in scope as well as domains that are not mentioned in the scope rules). Checking the "...

    1 Agent Answer    0 Community Answer
    Mar 29, 2018 12:52PM UTC
  • Disable autocomplete inside Burp

    Is it possible to disable Burp's autocomplete when entering in fields such as search term box in HTTP history? I have issues where it doesn't go away and leaves a blank box or I have to enter what I want and delete it and then re-type it so I can select it from the popup so it goes away. I'm not looking for a way to fix that, I just want that turned off as it will also sometimes...

    2 Agent Answers    1 Community Answer
    Mar 26, 2018 09:08PM UTC
  • Scanner very slow

    Hi - I'm attempting a non-authenticated point and click scan of our SaaS application. There are over 1,300 items, many of which are 404.aspx and the help system. Why is it so slow? When I started it 12 hours ago, it seemed to be moving a long at a reasonable rate, but 12 hours later, only 100 items are complete. (At this rate, it will take a week to complete.) I'm running Windows 10. I...

    1 Agent Answer    0 Community Answer
    Mar 24, 2018 01:16PM UTC
  • How do I calculate the length in the proxy http history

    I was wondering about the size in the length column (in proxy http history),it has been said in the documentation that the length refer to the response length but it dose not seems like this, for example I have length is equal to 204 but in the response tab the actual content-length is 42 so how the length is calculated? and how do I map the response length with the length column

    1 Agent Answer    0 Community Answer
    Mar 24, 2018 11:21AM UTC