Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Validating XSS manually

    When I select the XSS vulnerability which Burp's scanner found, under "Request" I select "Show in Browser". Under the browser, I get the Javascript alert pop out. However, if I copy / paste the same exact URL (which has the JS script in it) and paste it outside the testing VM I am using which has Burp installed, nothing happens, regardless of the browser used. I am won...

    4 Agent Answers    4 Community Answers
    Nov 01, 2015 05:40PM UTC
  • XSS validator not working

    I am having some issues running the XSS validator on Burp (version 1.6.30). I can load the XSS validator, without any errors. The problem happens under Intruder, after I select the positions / payloads / selecting the generator, and so on. When I hit "Start attack", a window opens, but the attack does not start. It is as if the payloads are not loaded, or the XSS validator is not wor...

    1 Agent Answer    2 Community Answers
    Nov 01, 2015 05:16PM UTC
  • Access Request panel from Intruder | Positions subtab using Swing

    I am trying to add intruder request using Jemmy automation. I can find all components under Intruder | Positions subtab except the main request text area. I tried to dump all the compnents and look for the specific area but it looks like there is no way to access the request text box as swing compnent. Could you please help finding the specific compnent?

    1 Agent Answer    0 Community Answer
    Oct 27, 2015 11:08PM UTC
  • Problem with HTTPS

    Hello, I can't intercept HTTPS traffic. The burp error is "'The client failed to negotiate an SSL Connection to www.xxxx.xx:443 no cipher suits in common''. I tried with different browsers, I know that with java 6 it works, but I use java 8, can you explain me why it doesn't work in java 8? How can I fix it? Thanks!

    1 Agent Answer    0 Community Answer
    Oct 27, 2015 02:00PM UTC
  • Report

    Team, Currently we are able to get report of identified vulnerabilities. But we want to get Clearance Report as well. Like If we have no vulnerabilities identified then We want a Clearance report That No issue identified etc.. or if there are few issues identified then Report should mention That Following are the Vulnerability Identified and alo list all Issues that are Cleared Tha...

    2 Agent Answers    1 Community Answer
    Oct 26, 2015 11:20AM UTC
  • App ignoring system proxy settings?

    I've looked at the first 5 pages of this Support Center and the closest I see to my problem is here (http://forum.portswigger.net/thread/1557/burp-displaying-webgoat). If this has been answered, or this is the wrong area to post, I apologize. But I'm beating my head to the desk trying to figure this out. I'm trying to scan a Java-based web app. The proxy is working. I know this ...

    1 Agent Answer    0 Community Answer
    Oct 20, 2015 07:25PM UTC
  • List Burp Proxy Listeners

    Greetings, Quick question - how would one obtain a list of every Proxy listener currently configured within Burp using the BurpExtender API? I've tried leveraging the callbacks.getProxyListeners method: https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#getProxyListeners() But as far as I can tell it returns an empty result despite having 127.0.0.1:8080 regis...

    1 Agent Answer    2 Community Answers
    Oct 20, 2015 06:28PM UTC
  • Binding burp to a low port

    I am trying to do some invisible proxying through burp, but this requires binding burp's proxy to ports 80/443 which requires root privileges. However, if I run burp as root, it asks for another license. I am wondering if there's a way to bind to low ports without having to burn a license.

    1 Agent Answer    0 Community Answer
    Oct 19, 2015 10:30PM UTC
  • Proxy works only on 127.0.0.1

    Hello, I'm trying to configure my proxy to work on other IPs than 127.0.0.1, but the browsers refused to connect to other ips than 127.0.0.1. I didn't see any errors, and I verify that the proxy is connected and running via the alerts tab. I'm running McAfee and have Windows 7, the laptop is HP. Any ideas? Thanks!

    1 Agent Answer    0 Community Answer
    Oct 19, 2015 09:11PM UTC
  • unable to use burp suite

    After set all the things...when i open any site....it is showing error...."The proxy server is refusing connections" please help me to resolve it

    1 Agent Answer    0 Community Answer
    Oct 18, 2015 01:23PM UTC