Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Intercepting iOS traffic

    Burp is giving unkonown certificate errror while intercepting traffic for an ios app which is on https. The certificate has been added the trusted profiles and also app doesn't use certificate pinning .

    1 Agent Answer    1 Community Answer
    Aug 08, 2017 11:39AM UTC
  • Target Scope scan

    Good Day May I ask, how can I manually initiate a scan using the Target scope What I have is txt file with urls that has been loaded onto the Target Scope but I'm not sure how the scan is started Thank you Jabu

    1 Agent Answer    0 Community Answer
    Aug 07, 2017 08:43AM UTC
  • Find the actively scan defined insertion points

    How do I find which parameter I selected on "actively scan defined insertion points" feature in the context menu of the Intruder? If you go to Scanner tab there will be an item there but no information at all which parameter is been select for scanning. My suggestion is to highlight the parameter(s) on the "Base request" under "Show details" screen. Thanks! Rica...

    1 Agent Answer    0 Community Answer
    Aug 05, 2017 08:46PM UTC
  • Do not want to manually forward each request

    Hi, I am trying to leverage Burp proxy to obtain the API calls in our custom web application. I have a series of automated tests that I would like to run while Burp is running to obtain a list of the POST APIs with their data. Right now I am having to click the forward button for every request. Is there a way to just automatically forward the requests?

    1 Agent Answer    0 Community Answer
    Aug 04, 2017 12:50PM UTC
  • Burp appears not to be working with HTTPS

    I have been through every guide on this site. installed and reinstalled certificates. configured burp and browser to work together to generate certificate. checked all settings installed, un-installed and re-installed burp, foxyproxy and updated java to 1.8.0_144. And even written this message twice, to ensure I am not missing something. I am at a total loss now. I most frequently...

    1 Community Answer
    Aug 03, 2017 12:02AM UTC
  • How to test Cross Site

    We have bought Burpsuite professional edition .Kindly let us know how to test cross site in our Application. In your tool it is not detecting Cross site in our application but other tool are detecting .Please tell us proper way to test for cross site.

    1 Agent Answer    0 Community Answer
    Aug 02, 2017 08:33AM UTC
  • Burp Collaborator Results & Errors

    Hi all, I was checking this one app, where, while using Collaborator feature, I noticed a seemingly inconsistent behavior. The app is protected by Cloudflare, and it is possible that WAF is also in use. I am using Burp's public collaborator server, and the Collaborator Everywhere extension. One of the scans was able to confirm External service interaction (DNS & HTTP) finding. The r...

    1 Agent Answer    0 Community Answer
    Aug 02, 2017 01:59AM UTC
  • scanning executable files

    Hello, I am looking for help on scanning a exe file that is on a website we are hosting. It always takes a long time to scan it and never finds anything. There is no errors message or timeouts. I try to find a way to scan this item better, I was not able to find anything. If I have miss something in forum please let me know. Rest of the website when I scan does great.

    2 Agent Answers    2 Community Answers
    Jul 31, 2017 04:28PM UTC
  • More info on "External service interaction (DNS)"

    While reviewing a web application, I got the "External service interaction (DNS)" issue. I googled for it and I got a grasp on what it could be possibly be, but I'd wish to have some suggestions on how to create a valid POC for this issue. In the vulnerable header I tried to put my own server IP, while observing the log of all the incoming requests. Sadly nothing showed up. Am I ...

    2 Agent Answers    1 Community Answer
    Jul 31, 2017 03:07PM UTC
  • Why the content discovery always check the .gif file?

    When I use the content discovery,I found this will genered a ton of task to check .gif filetype?maybe I missed some setting? Queued Tasks Path /Tasks /requests /xx/xx/images/ Test numeric variants on xx_f_040.gif 4 /xx/xx/images/ Test extension extension on xx_f_040.gif 9 /xx/xx/images/ Test extension extension on left_img_study.OLD

    1 Agent Answer    0 Community Answer
    Jul 31, 2017 09:24AM UTC