Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • use 32-bit JVM

    I am wondering if I am using wrong version JVM or Burp Suite. Recently our organization renewed the Burp Suite Professional v1.6.21. In account to that I see an alert message each time I launch as "You appear to be using 32-bit JVM. Please note that some planned Burp features will not be fully supported on 32-bit systems." I have verified the Java installed on my Win 7 64-bit system is c...

    1 Agent Answer    1 Community Answer
    Aug 05, 2015 02:14PM UTC
  • ASP.NET forms authentication login redirect

    Can Burp Suite support a login redirect where the login page is not within the scope? I have a /Employee and a /Customer area within my ASP.NET MVC application. For ease of development, the login URL in Web.config is /Customer/Account/Login. For our scanning requirements I would like to be able to use Carbonator and point it to /Employee/Home which is a landing page with links out to all the ...

    1 Agent Answer    0 Community Answer
    Aug 02, 2015 03:58PM UTC
  • Internal VA

    Hi there, I am doing some Internal VA scan. What is the difference between External VA scan and Internal VA scan.What are the most common things to look out for. What are the most common web host used by a mid to large size enterprise. How is it possible to disable brute force and denial of service attack in burpsuite pro. Can Burpsuite check for the TLS/SSL version that is being used?

    0 Community Answer
    Jul 31, 2015 09:48AM UTC
  • Site Map Data populations

    Hi All, I have a question related to site map. As per "https://portswigger.net/burp/help/target_sitemap.html", Site Map Views can be created by "The left-hand-side tree view contains a hierarchical representation of content, with URLs broken down into domains, directories, files, and parameterized requests" But recently I have observed that when URL contains same domain ...

    1 Agent Answer    0 Community Answer
    Jul 28, 2015 11:42AM UTC
  • Burp API Support for Selecting Active Scanning Areas

    Hi There, I was looking through the API and I couldn't find support for passing in values for Active Scanning Areas. So if I wanted an active scan to be performed with only some of these areas selected: sqlInjection osCommandInjection serverSizeCodeInjection xssReflected xssStored pathTraversalManipulation externalInteraction httpHeaderInjeciton xmlInjection soapInjection csrf ...

    1 Agent Answer    1 Community Answer
    Jul 27, 2015 08:30AM UTC
  • Stored XSS - detection tweaks

    Hi, Usually, when I'm going through some wizard, e.g. "Create new XXX", all that is required is to create new item XXX is to do a simple POST with all data included. I can then send this POST into the Burp and run active scan. It does populate DB with plenty (thousands) of new entries (which I wanted to achieve). However, if I want to scan for the persistant issues, like stored...

    1 Agent Answer    0 Community Answer
    Jul 24, 2015 06:41AM UTC
  • No UI after launching BUrp from command line

    When I try to launch Burpsuite v1.6.01 from my 32-bit Ubuntu-12.04LTS, it shows message "Proxy:Proxy service started on 127.0.0.1:8080" but no UI is displayed means Burpsuite App is not launched. -My PC has a second partition in which I have installed Windows 7. -I have downloaded burpsuite from official site "burpsuite_free_v1.6.01.jar". -I am using command "sudo ja...

    2 Agent Answers    2 Community Answers
    Jul 23, 2015 11:54AM UTC
  • Proxy (VPN) Help [URGENT]

    Hello, I've got Burp Suite Professional and I've got a test Process here for my Website, that it attempts a combination of a specific E-Mail and a bunch of Passwords. However, I've put it (on my Website), so if the user inputs 10 times the wrong Password, you can try again in 30 Minutes. Is it possible to insert some kind of Proxy/VPN to Burp Suite, so every 10 attempts, switch I...

    1 Agent Answer    0 Community Answer
    Jul 22, 2015 11:00PM UTC
  • the restoreState() function gives a runtime error

    I'm developing an extension that pulls back a list of saved burp states into a table. I'm trying to get the application to restore the burp state when one of these items is clicked. Unfortunatly Burp is giving me a runtime error when the file is accessed. I'm even manually added the path to a known file and still get same error. Any idea what i'm doing wrong here? Here is my...

    4 Agent Answers    2 Community Answers
    Jul 20, 2015 04:53PM UTC
  • Burp Collaborator - Wildcard certificate problem

    Hi all, I have an internal collaborator Server up and running on a physical server with the following config: { "serverDomain" : "collaborator.test.com" "eventCapture" : { "https": { "hostname" : "collaborator.test.com" } }, "polling" : { "https": { "hostname"...

    3 Agent Answers    1 Community Answer
    Jul 18, 2015 07:27AM UTC