Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Https not working on new phone

    Hi - Was able to use burp with my previous device (iphone 6), but trying to configure my new iphone 7 and not having any luck. Without cert installed I can access http sites with burp, but after installing the cert my device won't load anything and burp doesn't see any traffic - neither https nor http. I've gone through all the steps three different times and validated that PortSwi...

    1 Agent Answer    0 Community Answer
    Jun 13, 2017 01:20AM UTC
  • security testing

    Hi Team, We have tested one app in which we have set cookie as secure & HTTPONLY from code level. But still its showing us below issue during scanning. "Cookie without httponly flag set" Kindly suggest why its showing this if its already fixed. Thanks

    1 Agent Answer    0 Community Answer
    Jun 09, 2017 07:09AM UTC
  • Private Burp Collaborator Server is not working only for me apparently

    I'm trying to deploy an instance of Private Burp Collaborator Server but it seems that burp.jar is ignoring the parameter --collaborator-server. From the help I can see the option there. root@zion:~/Downloads# java -jar burpsuite_free_v1.7.23.jar --help Usage: --help Print this message --disable-extensions Prevent loading of extensions on startup --diag...

    1 Agent Answer    1 Community Answer
    Jun 08, 2017 09:42PM UTC
  • Analysing a token in hex format with sequencer

    Analysis of a token in hex format that is 4 bytes in total length, for example: AB FF 81 4E When I load a series of tokens into sequencer, it interprets the token lenght as 8, which is not the case. AB is one byte, FF is one byte and so on. How can I instruct Burp how many bytes the token consists of and that for example "AB" is one byte and not two. Thank you in advance and Kind Re...

    2 Agent Answers    2 Community Answers
    Jun 02, 2017 01:54PM UTC
  • Burp consumes all RAM

    Hi, I'm running Burp installed on linux (not the portable version) and it consumes all RAM on my machine, up to the point it closes itself. Is there a way to launch it, the same way that happens with the .jar version, limiting the memory it is assigned? Thanks in advance.

    1 Agent Answer    0 Community Answer
    Jun 02, 2017 10:16AM UTC
  • How do I use burp suite to scan hidden fields automatically

    How do I use burp suite to scan hidden fields that show up when I spider a website. When I spider a website, I get two option submit or ignore. How do I test those hidden fields automatically to make sure no one can use those to get any access or data from the website.

    4 Agent Answers    3 Community Answers
    Jun 01, 2017 09:08PM UTC
  • not able access the mobile request after a successful configuration.

    Not able access the mobile request after a successful configuration with the mobile device as instruction shown over the portswigger page can anyone help me quick need urgent.

    1 Agent Answer    0 Community Answer
    May 31, 2017 05:23PM UTC
  • hi

    Team, I am getting below error while running burp suite "client failed to negotiate an SSL connection to " " :443.remote

    1 Agent Answer    0 Community Answer
    May 29, 2017 08:43AM UTC
  • JRE Install didn't work.

    I followed the "Getting Started" instructions. Checked for Java, did not find it, downloaded latest JRE, tried to install it and got error message to run SxsTrace. Not sure what to do next and finding nothing in any of your documentation or forums, so uninstalling BurpSuite. Thanks.

    1 Agent Answer    0 Community Answer
    May 29, 2017 01:11AM UTC
  • How Do I: Tell Intruder that a particular field must be unique for every request?

    Hey, I have a web app that has an "Add User" feature. The form submission includes lots of details (about 150) and one of the fields submitted is the "Username" field. I have used the pitchfork attack type and this sort-of works. Unfortunately, it seems to mean that I have to test every single field other than the username individually. I also like using the Intruder t...

    1 Agent Answer    0 Community Answer
    May 25, 2017 01:09PM UTC