Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Session handling rules - cookie not set for POST request

    I have set up a session handling rule that sends a certain cookie for all requests to a certain domain. What I have found however, is that that the cookie will be sent on all GET requests to the domain, but not sent with POST requests. Is this the intended functionality? Is there a way to force it to send with POST requests as well? I have tested that the cookie is being sent by using the Session...

    1 Agent Answer    0 Community Answer
    Aug 18, 2015 09:51PM UTC
  • Bad Request 400 Error

    On Intercepting my Asp.Net application in the place of Http/1.1 with Http/1.1 200 OK it is showing bad request error.What should I do to redirect this to default error page.I have already Http errors and Custom error in web.config file .If any one is having solution,please help me.Thanks in advance.

    1 Agent Answer    0 Community Answer
    Aug 18, 2015 10:11AM UTC
  • [iOS 8] The client failed to negotiate an ssl connection to ......

    Hi there, I got this error even when I followed this link https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html and installed the Burp CA certificate. There are no errors when I am browsing on safari on Burp proxy. However, when I tried using other mobile apps such as Facebook native app which requires ssl co...

    2 Agent Answers    1 Community Answer
    Aug 17, 2015 03:28PM UTC
  • Estimating time taken for Application security testing

    Though not related to Burp Suite, thought of posting here so that some one could share their thoughts I would like to do some kind of estimation for time taken to scan a website using Burp Suite. I will be testing websites against OWASP Top 10 From Burp suite, we can identify Number of static/dynamic URLs, Total and unique Number of parameters in a website. Number of insertion points, Tests ...

    3 Agent Answers    2 Community Answers
    Aug 17, 2015 01:17PM UTC
  • What is the best way to handle SQL Injection errros reported by BURP in a PHP – Apache environment?

    BURP suite is reporting SQL Injection errros, whats best possible way to handle those errors in a PHP – Apache environment.

    1 Agent Answer    0 Community Answer
    Aug 17, 2015 08:37AM UTC
  • Database scanning

    Is Burpsuite capable of performing vulnerability scans against databases ? I have seen and there is no option, but just wanted to confirm with the experts. Also, do we have a security standard for databases as we have OWASP/SANS etc for web applications ? Could some one suggest a tool/software that could perform vulnerability scanning against databases ?

    1 Agent Answer    1 Community Answer
    Aug 12, 2015 01:06PM UTC
  • How to do POC for PRSSI vulnerability

    How to do POC for PRSSI vulnerability ??

    2 Agent Answers    1 Community Answer
    Aug 07, 2015 06:32AM UTC
  • How do i replace a value that is sent in multi-part/form-data body of a request?

    Dear all, I have the following Form data, that is sent through HTTP POST to a site: -----------------------------10935559812996 Content-Disposition: form-data; name="form_id" 1620306976 -----------------------------10935559812996 Content-Disposition: form-data; name="ParameterWhichValueIsToBeChanged" blabla -----------------------------10935559812996 Content-Di...

    1 Agent Answer    0 Community Answer
    Aug 06, 2015 12:58PM UTC
  • Burpsuite is not starting

    When I try to launch Burpsuite v1.6.01 from my 32-bit Ubuntu-12.04LTS, it shows message "Proxy:Proxy service started on 127.0.0.1:8080" but no UI is displayed means Burpsuite App is not launched. -My PC has a second partition in which I have installed Windows 7 [64-bit] -I have downloaded burpsuite from official site "burpsuite_free_v1.6.01.jar". -I am using command "...

    1 Agent Answer    0 Community Answer
    Aug 06, 2015 05:01AM UTC
  • Collaborator Log Messages

    We are testing a private collaboration server that is exposed to the Internet. When I came back from lunch I saw this in the console: 2015-08-05 12:40:12.508 : Request received: 9869010000010000000000010233340233300234360332303707696E2D6164647204617270610000FF0001000029FFFF000000000000 2015-08-05 12:40:12.513 : Sending response: 2015-08-05 12:40:12.514 : 986981050001000000000000023334023330...

    1 Agent Answer    1 Community Answer
    Aug 05, 2015 06:20PM UTC