Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Private Collaborator Server Refuses requests

    I am trying to setup a private Collaborator server, and am running into issues with the DNS server. The server starts up fine; listening on port 80, 443, and 53. However, when I run a "netstat -plntu" on the server port 80 and 443 are in the listen state, but not 53: Proto Recv-Q Send-Q Local Address Foreign Address State tcp6 0 0 ...

    3 Agent Answers    3 Community Answers
    May 13, 2015 07:01PM UTC
  • Spidering + Form Submission

    I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values" I have given a field name and field value and enabled it to be submitted. If there appears a value that is not in the list that I have given and let us assume I have not defined/selected "Set unmatched fields to:" field as well. In that c...

    2 Agent Answers    2 Community Answers
    May 13, 2015 07:17AM UTC
  • WCF binary decode failure

    I'm testing a fat client application that passes all its traffic through SSL, WCF binary encoded. It also looks like it is being compressed (Content-Type: x-deflate) which adds another level of PiTA. I'm using the "WCF Binary Helper" extension (props to Brian Holyfield and Nick Coblentz), which has worked fine for all applications that I have previously tested that use this met...

    2 Agent Answers    1 Community Answer
    May 12, 2015 01:45AM UTC
  • Dark/Alternate Java Look and Feel

    Hello, Is there any way to change the look and feel to anything other than the four in options? If not, are there plans to implement the dark metal/nimbus themes? Thanks! Colin

    2 Agent Answers    2 Community Answers
    May 11, 2015 04:48PM UTC
  • How do I change a http header value for active scan with stored state file?

    Hi, One of applications I am testing is using authorization header for authentication. I stored the state and want to use it for active-scan next time. Would you advise me how to change the authorization header value in stored request messages? Thank you in advance.

    1 Agent Answer    2 Community Answers
    May 06, 2015 03:26PM UTC
  • Report on CSRF Vulnerabilities

    Hello. I am trying to learn Burp Pro after one of my colleagues left without leaving much information around the Burp testing he had done. I have an application with a known CRSF vulnerability AND an older Burp report indicating the CRSF vulnerability. I am trying to reconfigure the Burp environment and regenerate the report, but without any luck. I can replicate the other vulnerabilities, but...

    1 Agent Answer    0 Community Answer
    May 05, 2015 06:12PM UTC
  • Web pages don't load through proxy, is this normal?

    My problem is something I expected to be rather common, but apparently not. I have set up Burp Suite with Firefox and have used all the correct settings, and it is connecting to the proxy on 127.0.0.1:8080. The Burp Suite software is able to see the pages I try to visit in the browser and can give me some basic information about it, however in my browser the page is just loading indefinitely an...

    2 Agent Answers    1 Community Answer
    May 03, 2015 10:54PM UTC
  • How do I change the user-agent string that the scanner sends in requests

    I want to scan the mobile pages of my web application. In order to do this I need the change the user-agent to emulate a phone. Is there a way to do this? Thanks!

    1 Agent Answer    2 Community Answers
    May 01, 2015 11:15PM UTC
  • Viewing VIEWSTATE in responses as well as requests

    The "Viewstate" tab shows up on requests with VIEWSTATE in them, and decodes them nicely. I can't seem to get it to show up for responses though. Whilst the next request nearly always contains the previous response, it would be good to be able to see it natively.

    1 Agent Answer    0 Community Answer
    Apr 29, 2015 12:08PM UTC
  • How do I send multiple requests at one time?

    I want to take a single request, let's say a POST request to google.com. I want to send, let's say, five requests almost parallel with each other.

    2 Agent Answers    1 Community Answer
    Apr 28, 2015 04:47AM UTC