Support Center

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.


Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.


How Do I?


  • Can I add more scans to SQLi or XSS scans which are run by Scanner?

    I want to configure Burp a bit more. As I understood, in Scanner / Options I can select the Active Scanning Areas. Is there a way to add more e.g. SQLi, or XSS to what already is checked? Where can I see the list of Payloads which are injected in Scanner? Are these the same as in Intruder / Payload Options? Can there be something done with the Issue Definitions or is it informational? T...

    1 Agent Answer    0 Community Answer
    Feb 19, 2016 09:21AM UTC
  • Compare site maps with an Authorization: Basic value

    I want to do a comparison with different privileged accounts. For Site Map 2 I want to "Request map 1" with a new cookie. In the Options > Sessions I added a "Use Cookie from Cookie Jar" for Target. But there is a header "Authorization: Basic xxxx" which I have to change, too. I didn't find a way to change a header in the Session Handling Rules. I can add a...

    1 Agent Answer    0 Community Answer
    Feb 18, 2016 02:21PM UTC
  • Problem with Digest authentication

    Hi, We have a web application which consists of both web pages without authentication and web pages that use Digest authentication. When we add the platform authentication credentials to Burp Suite the Scanner test doesn't complete the testing of web pages not using Digest authentication. In the Scan queue tab the status ends up telling "abandoned - too many errors (XX% complete)"...

    2 Agent Answers    1 Community Answer
    Feb 18, 2016 08:58AM UTC
  • handshake_failure

    I'm running burp v1.6.36 and using a client ssl certificate to authenticate to secure web pages. I am receiving the error handshake_failure when attempting to access any sites that require the client cert. I am using java 1.6.0_41-b02. Below is what I have tried to resolve the issues with no success. Install Java Cryptography Extension (JCE) by copying the local_policy.jar and US_e...

    1 Agent Answer    1 Community Answer
    Feb 17, 2016 06:54PM UTC
  • Reporting only on POST not GET methods? (Scanner)

    Hi, After running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' (so far in reality they are all false positives and the anti-CSRF token is just contained with some other data e.g. uifsid=0&_csrf= (the _csrf is the anti-CSRF token)). Anyhow, what I really would like to be able to do is report only on POST methods and not GET met...

    1 Agent Answer    0 Community Answer
    Feb 17, 2016 05:05PM UTC
  • Customize the report output?

    Is there an easy way to customize the report output to include my Company Name and Logo at the top of the report? I have tried to create a word template for use with report-ng but cannot get it to work. Thanks in advance!!

    1 Agent Answer    1 Community Answer
    Feb 17, 2016 03:45PM UTC
  • unlimited "number of retries on network failure"

    How can I set Intruder's "number of retries on network failure" to unlimited? I see that currently I can only set it to 20 max before I get an error.

    1 Agent Answer    0 Community Answer
    Feb 16, 2016 09:51PM UTC
  • Items already scanned

    Are there any ways to highlight the items that have already been scanned manually or with active scanning?

    1 Agent Answer    1 Community Answer
    Feb 16, 2016 09:25PM UTC
  • "Report selected issues" is not visible in burpsuite_free_v1.6.32 version

    After scanning I am not able to generate the scan report. I followed the following steps: To generate a report of your scanning, collapse the tree view of the application's contents. Then select the top-level domain entry for the application. Then right-click to show the context menu, and select "Report selected issues". Is this feature not available in the free edition of burpsuite_fre...

    1 Agent Answer    0 Community Answer
    Feb 15, 2016 11:58AM UTC
  • Regex Active Scanner

    Hello, I am struggling a bit to set a regex to match filetypes and keep the Active Scanner from scanning files like jpg/css/gif and so on. I created a rule to exclude URL path filenames with regex \.jpg$ but it doesn't work; when I browse to the page and have the scanner automatically scan, it starts to scan the jpg files as well. Could you suggest how to handle this exclus...

    2 Agent Answers    3 Community Answers
    Feb 14, 2016 11:14AM UTC