Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • macro to replace part of URL

    Hi, I need to test a request similar to /something/<a_different_ID_per_request>/ and need to fetch an valid ID prior to that request. Because the ID is a REST parameter I cannot simply do a macro + session handling rule that requests an valid ID and replaces it in the request being tested because there is no parameter name to match between the requests. Is it possible to achieve this w...

    1 Agent Answer    0 Community Answer
    Feb 02, 2015 03:50PM UTC
  • Integrating Burp and Wireshark

    I'd like to be able to set up Wireshark so it can decrypt HTTPS traffic which is passing through Burp. I know I can export the CA used by Burp but that doesn't help when a per server certificate is in use. Is there a way to get hold of the per server certificate so I can import it into Wireshark?

    1 Agent Answer    2 Community Answers
    Jan 30, 2015 09:50PM UTC
  • How do I generate a report after scanning without issue found

    Dear Support, We have purchased a Burp Suite pro. I used its vulnerability scaner to scan our web server. I could not generate report when no issue found after scanning. I need it to show our management as a proof. Can you advise if it's possible and how to do it if it can be done. Thanks and best regards! Zhang Tao LGA Telecom

    1 Agent Answer    0 Community Answer
    Jan 28, 2015 12:42PM UTC
  • How Do I Supply A Preconstructed Target Site List?

    The BURP documentation says that I should turn the proxy on and then do a bunch of work on my Web app in order to build a list of URLs to put in the Target Site list. I do this and it works fine. I'm concerned, however, that I might not be adding enough URLs to this list by doing this. Let's say I have a list of all the URLs my Web app responds to. Can I manually add these URLs to the...

    1 Agent Answer    0 Community Answer
    Jan 21, 2015 06:16PM UTC
  • Testing through Cisco Smart Tunnel

    Has anyone ever tested an application that required them to use Cisco's Smart Tunnel SSL VPN? This is the quick one liner from Cisco discussing this solution: "A smart tunnel is a connection between a TCP-based application and a private site, using a clientless (browser-based) SSL VPN session with the security appliance as the pathway and the security appliance as a proxy server." ...

    1 Agent Answer    1 Community Answer
    Jan 19, 2015 09:13PM UTC
  • Saving Burp sessions

    Is there a way in Burp to save a set of captured messages and play them back later with fuzzing inserted? That is, once we capture a series of messages to a server, we wish to be able to perform fuzz testing. and we wish to be able to repeat the test later without having to capture and configure the test again. I don't see any way to save a session. There is a 'save Attack' ...

    1 Agent Answer    0 Community Answer
    Jan 15, 2015 08:23PM UTC
  • How to run multiple session while scanning application through Burp?

    While the scanning the application through Burp, I found that if I use multiple threads it is resulting to session errors like (The requested session id appears to be invalid.You may have more than one Task Manager window/tab open) but if I use single thread the scanning is too slow. Can anyone explain me how to assign different session id's to different thread so that I can scan throug...

    1 Agent Answer    0 Community Answer
    Jan 12, 2015 10:39AM UTC
  • Burp Updates

    Normally Burp software indicates when you release a new version. However, since the beginning of the year, I haven't had any alert of a new version. Is there something to configure? Thanks and best regards, Rachel

    2 Agent Answers    1 Community Answer
    Nov 27, 2014 11:23AM UTC
  • Dynamic Websites / Trial

    I was wondering if your tool supports dynamic web sites. Furthermore, some of our website's pages can only be accessed using IE. We currently test our website using IE11, so that version is preferred. Would it be possible to download a trial version of the security scanner it would be even better, as we have tried other tools and all failed due to our websites constraints. Kind regards...

    1 Agent Answer    0 Community Answer
    Nov 27, 2014 11:06AM UTC
  • Burp Manual?

    We're looking into possibly purchasing your product. Is there a good training course or a detailed technical manual in using the full functionality of Burp Suite Pro? Thanks Jane

    2 Agent Answers    1 Community Answer
    Nov 27, 2014 10:59AM UTC