Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • How to save predefined payload list custom directory to JSON config file?

    Hi, when I go to Intruder - Configure predefined payload lists -> can I create a JSON project/user config file with pre-selected directory of my choice for loading custom lists? I tried exporting User and Project settings, but didn't find anything of use. Thanks, Andrej

    1 Agent Answer    0 Community Answer
    May 29, 2018 07:20AM UTC
  • Second Order Testing | Burp Scanner

    I'm trying to setup a session rule for Burp Scanner, is it possible to create a session/macro for the following scenario? Scenario: Webpage #1: POST Request filename=payload Webpage #2:GET Request Basically how to I take the payload from #1 and insert it into #2 view parameter and analyse that response?

    1 Agent Answer    0 Community Answer
    May 28, 2018 12:01PM UTC
  • smart card client certificate Error signing certificate verify

    Hello! I want to test a a web page which uses client certificate for authentication (smart card -pkcs11). If I connect to the page without Burp proxy I can log in. If I set the client certificate in Burp's User Options/SSL then I get an error signing certificate verify message. The same certificate imported to Burp in p12 format works as well. (no error message). Any suggestions? ...

    1 Agent Answer    0 Community Answer
    May 24, 2018 12:02PM UTC
  • Burp Spider deleted controls in a SalesForce application

    Hi - We recently spidered a Salesforce application and this resulted to changes in the application such as: Deleted custom field Changed the UI Skin Changed Enable Drag-and-Drop Editing on Calendar Views from on to off Changed formula of Month custom field etc The Automatically Submit forms was enabled. Why would burp spider be able to do these things. What default values does...

    1 Agent Answer    0 Community Answer
    May 18, 2018 02:27AM UTC
  • Automate Burp License Activation

    We are working on a project, where we wanted to deploy Burp on a container in a ci/cd. Is there a way to automate the Burp License Activation process programmatically eitherway in a headless mode ? Has anyone given it a try earlier? Pranav

    1 Agent Answer    0 Community Answer
    May 14, 2018 10:19PM UTC
  • certificate_unknown

    I have an iOS app I'm testing on an iPhone 5c running iOS 10.3.3. The Burp certificate is correctly installed on the device as I'm able to see https web requests and https app requests from other applications within Burp without issue. When I launch the target app I receive "The client failed to negotiate an SSL connection to <client>.com:443: Received fatal alert: certi...

    1 Agent Answer    0 Community Answer
    May 11, 2018 03:39PM UTC
  • How do i prevent cookie ID injections in the request parameter?

    I have a case where we recorded a bunch of URL's and re-scanning them. During the re-scan the session expired. So to create an active session i have created a session handling rule to trigger login and create a new Session ID which is updated in the cookie jar. I also used the 'use Cookie jar from Burp's cookie jar' to ensure the rest of the requests are using the valid Sessi...

    1 Agent Answer    0 Community Answer
    May 11, 2018 04:48AM UTC
  • Burp/run analytics

    I would like to know how to run analytics

    1 Agent Answer    0 Community Answer
    May 10, 2018 08:46PM UTC
  • Missing identification of SQL injection


    0 Community Answer
    May 10, 2018 01:17PM UTC
  • Fuzz APIs ?

    Do burp is having any extension which can help in Pen test of APIs ? Like another tool API fuzzer ? along with Intruder what else can be used to do API pen test automatically ?

    1 Agent Answer    0 Community Answer
    May 10, 2018 12:04PM UTC