Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Skipping server side tests for .js and .css files

    How do I set the active scanner to skip server side tests for all .js and .css files? I currently have the following set with the scanner options tab and its not working: Skip server-side tests for: Parameter = URL path filename Item = Value Match Type = Matches Regex Matches Expression = (\.css|.\woff2|\.woff|\.png|\.jpg|\.ico|\.svg |\.js)

    1 Agent Answer    0 Community Answer
    Jul 05, 2017 07:19PM UTC
  • Start a Temp Project with Cli

    Hi, We are limited to use Java 32bit and since it's not very supported it's not possible to work with projects, is there a way to work with temp projects automatically? i.e. launch burp without all the fancy start up wizards? (passing a config works fine)

    2 Agent Answers    2 Community Answers
    Jul 04, 2017 06:08PM UTC
  • Auto-reject client requests for sites with bad certificates

    I'd like to configure Burp Suite to automatically reject requests from the client for sites with bad certificates. This seems really basic, but I haven't found a way to do this. Using badssl.com for testing, Burp Suite lets all of the bad certs right through. Thank you in advance for your help.

    1 Agent Answer    0 Community Answer
    Jun 29, 2017 03:28AM UTC
  • Testing web services

    Is burp capable of testing web services - can all test cases defined in OWASP cheat sheet be tested ? https://www.owasp.org/index.php/Web_Service_Security_Testing_Cheat_Sheet

    1 Agent Answer    0 Community Answer
    Jun 28, 2017 02:22PM UTC
  • spider authentication error

    Hi, I am facing authentication errors when I try to Spider my application. I have enabled proxy and I am already logged into the application. When I start the Spider all the queued requests throw following error, <!DOCTYPE html><html><head><title>Apache Tomcat - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;colo...

    2 Agent Answers    1 Community Answer
    Jun 28, 2017 02:14AM UTC
  • JavaScript not detected error?

    I am getting

    1 Agent Answer    1 Community Answer
    Jun 28, 2017 01:17AM UTC
  • Non-GUI configuration of predefined payload lists in Intruder

    Hello, default Intruder payloads can be modified through the GUI via the "Intruder -> Configure predefined payload lists" menu. However, I'd like to set this option when starting Burp Suite, using a JSON file like for hotkeys, proxy config, ... Is that possible? Additional Q: where is this value persisted? Thanks in advance, Nicolas

    3 Agent Answers    5 Community Answers
    Jun 27, 2017 10:09AM UTC
  • Need info for creating custom intruder gui

    Hello All, I am working on a extension development which has a requirement for custom UI for intruder tab with default intruder functionalities (i.e. the ui is only different, core functionality will be same as intruder tab). Is it possible to override the intruder methods to create same functionality and display in my custom UI?

    2 Agent Answers    1 Community Answer
    Jun 27, 2017 08:33AM UTC
  • Form action hijacking

    Hola Working on site that is reporting the new Burp finding for Form Action Hijacking (Reflective). The application has a POST parameter that is place in the form action html tag. Would you consider this finding in the same category as an arbitrarily URL redirection finding obviously without the 302 redirect?

    2 Agent Answers    2 Community Answers
    Jun 20, 2017 09:40PM UTC
  • License

    Please let me know a single user license key can work if i moved it to some different system as in i am facing issues with my current PC where i have installed the burp license and i want to change my system, so the same key is going to work?? or it's abide to the installed-system only

    1 Agent Answer    0 Community Answer
    Jun 15, 2017 03:36AM UTC