Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Peer's certificate issuer has been marked as not trusted by the user.

    Hi all, I have some weird issues with Burp for the last two days. It first started that some of my Extensions stopped reporting to Issues tab. I shut down Burp, restared it again and all suddent these problems happen 1) on my FireFox browser - every time when I go to HTTPS site I see message " Peer's certificate issuer has been marked as not trusted by the user. (Error code: sec_...

    2 Agent Answers    1 Community Answer
    Jan 27, 2016 03:24PM UTC
  • OWASP top 10 reporting?

    Is there a way to customize the reporting to show OWASP top 10 report or how can we get OWASP top 10 reporting? Thanks

    1 Agent Answer    0 Community Answer
    Jan 27, 2016 07:04AM UTC
  • How do I stop certain file types going to the active scanner?

    This seems like it should be easy, but it's not working as I expected. I want to block all files of a certain type from going to the active scanner, even if it's otherwise in scope. For example, if I want to stop all CSS files from being scanned, then I thought I could create a rule to skip *.css, but I can't seem to make it happen. Any ideas?

    1 Agent Answer    0 Community Answer
    Jan 25, 2016 11:07PM UTC
  • How to intercept the traffic of application installed on Android Virtual Device

    Hi Team, I have created the Android virtual device on the Windows system using the Android studio. Also I have installed an application on that AVD. Can anyone know how to intercept the traffic ?

    2 Agent Answers    1 Community Answer
    Jan 25, 2016 02:33PM UTC
  • Android Virtual Device

    Hi Team, I have created an Android virtual device using Android SDK Manager on my windows 7 system. I have installed an android application on that Virtual android device. Can anyone please let me know ho to intercept the traffic of that application in the burpsuite intalled on the same system? Please reply asap.

    1 Agent Answer    0 Community Answer
    Jan 25, 2016 02:30PM UTC
  • intercept (and modify) HTTP responses

    I see that when intercept is on, it only intercepts HTTP requests. How do I intercept (and modify) HTTP responses before my browser sees them?

    1 Agent Answer    1 Community Answer
    Jan 24, 2016 01:45AM UTC
  • Portable (no registry writes) version?

    Hi, is there a portable version of Burp that doesn't write to my Windows Registry? Something that I can bring on a thumbdrive and plug into systems without leaving any "trails".

    1 Agent Answer    0 Community Answer
    Jan 23, 2016 11:41PM UTC
  • Spider a specific folder

    Hi, Is it possible to spider a specific path without going to any other previous ones? For example, I would like to spider anything after https://example.com/1/2/3/4/* without spidering anything under the 1,2 and 3 folders.

    1 Agent Answer    0 Community Answer
    Jan 22, 2016 08:58PM UTC
  • Confused by "throttle between requests" vs "pause before retry"

    Isn't setting 5000 milliseconds in "Pause before retry" the same thing as setting 5000 milliseconds in "throttle between requests"? Or is "throttle" a cumulative function giving us a delay of 5000 miliseconds multiplied by x where x is then number of failed retries?

    2 Agent Answers    2 Community Answers
    Jan 22, 2016 03:50PM UTC
  • How does Burp know which forms are "login forms"?

    https://portswigger.net/burp/help/spider_options.html writes "Because of the function that authentication plays in web applications, you will often want Burp to handle login forms in a different way than ordinary forms". But login forms could be as simple as <form><input name=a><input type=password name=b></form> How does Burp tell "login forms" ap...

    1 Agent Answer    1 Community Answer
    Jan 22, 2016 03:44PM UTC