Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Setting proxy.MasterIntercept to 0

    In order to do selective custom scanning area selection using active scanning using my extension, I am trying to set those values using the loadConfig() To do this, I first set the following values to 'false' scanner.testcommandinjection scanner.testcommandinjectionblind scanner.testcommandinjectioninformed scanner.testCsrf scanner.testheaderinjection scanner.testheadermanipula...

    2 Agent Answers    2 Community Answers
    Sep 16, 2015 06:22PM UTC
  • Performing an ActiveScan to perform scan against non-body parameters

    I am currently writing an extension to do perform active scan with manipulated parameters: queueItem = this.callbacks.doActiveScan(this.host, this.port, this.useHttps,baseRequestResponse.getRequest(), scanJob.getOffsets(testCaseParam, baseRequestResponse)); In getOffsets(), we identify which parameters are available and if they match, we get the offse...

    1 Agent Answer    1 Community Answer
    Sep 16, 2015 06:17PM UTC
  • Deleting scanned items

    In older version of Burp Suite, 'Delete Scanned Items' used to exist. that was helpful in clearing the queue. With latest version, that option is not visible(only Hiding is available). As a result , I have to close and start Burp Suite for every scan to avoid displaying scanned items of last scan. Is there any alternative to this ? Thanks, Kunal

    6 Agent Answers    5 Community Answers
    Sep 14, 2015 06:06PM UTC
  • Set socks proxy in headless mode

    I searched the googles and haven’t found any success, does anyone know if its possible to set up the socks proxy parameters with burp in headless mode?

    1 Agent Answer    0 Community Answer
    Sep 11, 2015 07:29AM UTC
  • Session Management

    I want to manage multiple session while scanning the application as scanning the application with multiple thread is giving lot session errors. so I need help regarding the following 1. How to create custom cookie jar 2. How to manage thread scanning the application like how can I tell to a particular thread to use a cookie from a particular cookie jar Thanks in advance...

    1 Agent Answer    0 Community Answer
    Sep 10, 2015 07:08AM UTC
  • XSS in json parameters

    Hello? I have got several XSS issues from the Burp Scanning but they couldn't be exploitable as the response messages have 'Content-Type: application/json' header. I investigated this with old browsers (e.g. IE8) but they didn't execute the script either. In this case, could I say the application is safe from XSS issue? When can this vulnerability still be dangerous...

    3 Agent Answers    2 Community Answers
    Sep 08, 2015 08:39PM UTC
  • Best approach for web-application testing with a webservice.

    The data flow works like this: Browser -> Application -> Webservice -> Application -> Browser I'd like to be able to fuzz the flow where the webservice is sending data back to the application so that I can attack the browser. While I'm aware I can route all traffic through the same instance of Burp, what I need is a passive fuzzing, where I can send the same request f...

    1 Agent Answer    0 Community Answer
    Sep 08, 2015 02:50PM UTC
  • Missing scroll bar in "HTTP history" window

    I have came across this problem few days ago. I am not sure is it because of too many entries in the history. It is quite hassle for me to use to arrow to scroll back and check on some entries. Are there any ways for me to get the scroll bar back?

    2 Agent Answers    4 Community Answers
    Sep 08, 2015 03:20AM UTC
  • Burp Suite Proxy will not intercept the site after Intercept mode is on.

    Hi, Can any one please help me, In my Burp tool i have enabled Proxy - > intercept on but still it is not intercept my site but Target -> site map will show all the action and response. So please help me how to resolve this problem. Note: I'm new to Burp Suite.

    2 Agent Answers    1 Community Answer
    Sep 02, 2015 09:42AM UTC
  • Add all URL in target scope

    Hi, I'm looking for a way to add all URL in target scope. As we can use regex I just put '*' in "Host or IP range" but burp is not agree with that. Which regex can I use to achieve this ? Cheers

    1 Agent Answer    1 Community Answer
    Sep 01, 2015 08:56AM UTC