Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Proxy history without intercept

    Hi, the documentation does not say whether it is possible to record proxy history with the intercept feature turned off. For my research project we only need the history, we'll never use the intercept feature and it would make our experiments prohibitively slow. It would be great if someone could clarify how this works. Thanks.

    1 Agent Answer    0 Community Answer
    Apr 16, 2015 11:05PM UTC
  • Scan errors in Burp

    I ran an active scan using Burp. The scan was abandoned due to multiple errors. I would like view the error logs so that I could figure out what went wrong. How do I check these errors?

    1 Agent Answer    0 Community Answer
    Apr 15, 2015 04:14PM UTC
  • Form Submission

    I am spidering a website and opted for manual form submission. Question 1: In the submit form dialog, I can see hidden fields also expecting an input from us (there is no default value as well). In a typical browser based FORM post, these hidden values will be automatically passed with appropriate values. so, in this case, what values should be given as we arent aware of the values ? Que...

    1 Agent Answer    0 Community Answer
    Apr 15, 2015 08:12AM UTC
  • Detection of Cross Site Scripting

    I recently used Burp Suite to perform a XSS scan. A reflected XSS vulnerability was reported. When I reviewed the request and response I noticed that the supplied input is exactly echoed in the output. Case 1 Two inputs below Input and Output: f1466'style='behavior:url(#default#time2)'onbegin='alert(1)'31b9b Input and Output: 508e9"-alert(1)-"dcc3a ...

    1 Agent Answer    0 Community Answer
    Apr 15, 2015 05:59AM UTC
  • Utterly unclear on the purpose of spider

    My impression is that spider expands the sitemap as it crawls, aided by its form submission abilities, etc. But after I spider my entire host, I notice that manual active scanning the entire host does not make a difference in the number of URLs populating the scan queue, compared to just actively scanning the host alone without spidering first. So does spidering not increase the number of ...

    1 Agent Answer    0 Community Answer
    Apr 14, 2015 03:21PM UTC
  • How do I clear all site maps/proxy history etc. quickly?

    I can't find a simple way of clearing all the history quickly - I need to reset settings, select all targets, clear, select all proxy history, clear. Is there not a one button way to do this?

    2 Agent Answers    1 Community Answer
    Apr 13, 2015 01:42PM UTC
  • How to insert Intruder payloads before original parameter value

    Hello, I'd like to insert Intruder payloads before original parameter value. The purpose of this is to assess an application which checks the first fixed numbers of letters in a parameter value. Could you give me any advice? Regards, tosebro

    1 Agent Answer    1 Community Answer
    Apr 10, 2015 08:21AM UTC
  • JSON and form-urlencoded encoded payloads in Burp Intruder

    The application I'm running a security assessment on encodes POST requests as a URL encoded parameter containing JSON. e.g. bar={"options"%3a{"key"%3a"26b678c6-1d75-41c0-8a20-d9882828c76c","description"%3a"Foo"...<snip>&key=26b678c6-1d75-41c0-8a20-d9882828c76c Is there a way to automatically encode payloads using Burp for us...

    2 Agent Answers    2 Community Answers
    Apr 09, 2015 01:09PM UTC
  • Installing Burp's CA Certificate in an Headless Android Emulator

    Hi, I am using an headless android emulator with API leve 19 on amazon ec2 ubuntu instance. Can you please with installing Burp's CA certificate in an headless android emulator ? Thanks, Chhagan Mathuriya

    2 Agent Answers    1 Community Answer
    Apr 09, 2015 09:40AM UTC
  • save proxy message

    is it possible to save request and response contents into file programmatically ? like manually we can do by HTTPHISTORY tab->right click and select save item to save the message contents into specified file can it be done through burp extension if so how to achieve it?

    1 Agent Answer    0 Community Answer
    Apr 09, 2015 05:49AM UTC