Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Scanning cloud-enabled application

    Hello, We have a web application that is deployed as cloud-enabled application and using CDN. This can be accessed only by hostname and not using IP address. This hostname resolves to 3+ different IP address. Direct access to the application without CDN is also not possible Question 1: Can we scan such applications using Burp ? Question 2: Will there be any impact if IP changes while s...

    1 Agent Answer    0 Community Answer
    May 28, 2016 09:08AM UTC
  • Confirming XSS high certain

    Hi, Burp scanner is detecting an XSS (high certain) with the following GET request and response: Request: /CGI/…. &CategoryID=123"onload%3d"alert(1)"456&CategoryName=Retail HTTP/1.1 Response: <LINK rel="canonical" href="https://SITE/CGI/....&categoryid=123"onload="alert(1)"456&CategoryName=Retail"/><!-- Canoni...

    4 Agent Answers    3 Community Answers
    May 26, 2016 08:29PM UTC
  • Records not being added during scan

    Good morning! My group just downloaded Burp onto my computer, so I don't know too much about it... I've tried watching tutorials and someone from another office gave me a brief overview on how to set up the scan, but it doesn't seem to be working the way it should. My programmers tell me the scan normally inputs hundreds of records, but every time I run a scan, they only get error m...

    1 Agent Answer    0 Community Answer
    May 25, 2016 12:48PM UTC
  • Burp - Intruder path traversal with list

    Hi, I am using the Burp Suite Professional v1.7.02beta, and I was wondering if it possible to do a path traversal with the Intruder, especially with a list? In fact, I want to use the Payload Processing with a wordlist, to work with the path traversal option. Regards, John.

    1 Agent Answer    0 Community Answer
    May 25, 2016 11:30AM UTC
  • Running Checkbox not Working

    Hi, I am using Burp Suite 1.7.03 professional Version. in proxy option and proxy Listeners section my Interface (127.0.0.1:8080), Running Check Box is not checked, I tried to click the CheckBox but nothing to show. pls help me. I already checked proxy settings of web browser, still I am unable to checked on it.

    6 Agent Answers    8 Community Answers
    May 23, 2016 11:26AM UTC
  • new burp configuration saving

    hi, New burp has new feature to select project and configuration while starting burp and I am not being able to use properly. In the past , it was easy, i used to change/ add my proxy port, edit some settings as default and every time start it used to load it. Now im not getting that. each time i have to make my changes after starting burp. I tried saving user option and even project. But i am ...

    1 Agent Answer    0 Community Answer
    May 19, 2016 03:23PM UTC
  • Configuring Macro Item

    I am trying to configure a login Macro and in the Macro Editor, Under the Macro Items, I have added sequence of URLs to be executed (I took this from Proxy) I click on one of the URLs and select, 'Configure Item'. In the 'Configure Macro Item', under 'Cookie Handling' I can see two options - Add cookies received in responses to the session handling cookie jar&#...

    1 Agent Answer    0 Community Answer
    May 19, 2016 10:23AM UTC
  • handling noscript

    Hi, I've come across an application that adds the following to all reponses: <noscript> <meta http-equiv="refresh' content="2;url=/somepath/no_script.jsp"> </noscript> This has as a result that all responses which are not viewed in a browser get redirected to an error page which states that I need a javascript enabled browser. If I use the sca...

    2 Agent Answers    1 Community Answer
    May 18, 2016 09:35AM UTC
  • A big problem.

    In the command prompt, you are supposed to type java -jar -Xmx2G /path/to/burp.jar but when I typed it and hit enter, it said 'Error: Unable to access jarfile /path/to/burp.jar' In the file I downloaded, there is no jar file either. I downloaded multiple times and still nothing,

    1 Agent Answer    0 Community Answer
    May 15, 2016 05:52AM UTC
  • Set request timeout in Intruder

    I have a target parameter that includes an IP address -the web application takes the IP address and tries to make a connection to it. If the IP address is valid the response should return very quickly. If it is an invalid IP, the application can take several minutes before it times out trying to connect. I am using Intruder to scan for internal IP addresses using this parameter. Is there any w...

    1 Agent Answer    0 Community Answer
    May 12, 2016 09:17PM UTC