Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Don't quite get the meaning of "iterate all values of submit fields"

    What does "Spider >> Options >> Form Submission >> Iterate all values of submit fields" do? I've read https://portswigger.net/burp/help/spider_options.html : "Many forms contain multiple SUBMIT elements, which result in different actions within the application, and the discovery of different content. You can configure the Spider to iterate through the value...

    1 Agent Answer    1 Community Answer
    Jan 22, 2016 03:40PM UTC
  • Cannot set spider link depth to zero.

    https://portswigger.net/burp/help/proxy_options.html#interception writes that "Spider >> Options >> CrawlerSettings >> Maximum Link Depth" accepts zero values: "A value of zero will cause the Spider to request seed URLs only" However, when I try to set the value to zero, the UI says "invalid value". How do we set it to zero?

    3 Agent Answers    0 Community Answer
    Jan 22, 2016 03:21PM UTC
  • Adding items into site map

    Good afternoon, I see that there's a way to delete items in the site map. But how can we Add items into this site map manually? For example, I would like to add the request "http://example.org/a/b/c?d=e" into the site map. Best regards

    1 Agent Answer    0 Community Answer
    Jan 22, 2016 03:17PM UTC
  • Export "Certificate in DER format" vs "Private key in DER format"

    I'm confused by two options in "Proxy>>Options>>Export CA Cert". What is the difference between "Export Certificate in DER format" and "Export Private key in DER format"? 1. If I "Export Private key in DER format", what program do I use to open this file? 2. Isn't the private key also within the "Export Certificate in DER ...

    2 Agent Answers    1 Community Answer
    Jan 21, 2016 11:12PM UTC
  • Where is the physical location of the "CA Cert" Burp uses?

    Under https://portswigger.net/burp/help/proxy_options.html#listeners_requesthandling it states"Burp creates a unique, self-signed Certificate Authority (CA) certificate, and stores this on your computer to use each time Burp is run" Where is the physical location (on the file system) of this cert that Burp uses?

    2 Agent Answers    1 Community Answer
    Jan 21, 2016 09:50PM UTC
  • Binding proxy to "127.0.0.2"

    How can I bind to "127.0.0.2" ? under "specific address" option, there is no such pre-populated option. Also the UI does not have a way to manually input "127.0.0.2".

    1 Agent Answer    0 Community Answer
    Jan 21, 2016 09:42PM UTC
  • Proxy unable to bind to "all interfaces"

    I'm able to bind to "all interfaces" if I use port 8081. Or 8082. Or 808 or anything for that matter. But if I try to bind to "all interfaces" using port 8080, it fails. (UI doesn't allow me to tick the checkbox under the column "Running".) What is causing this problem? Why am I unable to bind to "all interfaces" using port 8080?

    2 Agent Answers    3 Community Answers
    Jan 21, 2016 09:20PM UTC
  • How does "Remove all JavaScript" work?

    Does it only scan the response for <script></script> tags and remove those from the response? What about stuff like <input onclick="alert(1);"> And also, how does the removal work when faced with unequal opening and closing script tags like: 0 <script>1<script>2</script>3</script>4

    1 Agent Answer    0 Community Answer
    Jan 21, 2016 08:39PM UTC
  • Burp is intercepting while "Intercept off".

    I have intercept set to off. However, Burp is still intercepting my responses. This can easily be tested and verified by ticking some of the entries in Proxy>>Options>>Response Modification. Burp is clearly intercepting (and modifying) my responses even when intercept is off. Why is this happening and how can we fix this?

    1 Agent Answer    0 Community Answer
    Jan 21, 2016 08:33PM UTC
  • Spider request queue not stopping.

    Hi, I have stopped the spider from running and cleared the queues. This was roughly 30 minutes ago. However, more and more requests are still getting queued. Why is this happening and how do I stop it?

    4 Agent Answers    3 Community Answers
    Jan 21, 2016 08:26PM UTC