Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Burp could not obtain file lock of project file

    Hi there, I'm using the 1.7 beta and burp crashed at some point. When I try to open the project burp just says "Could not obtain lock on file : [...] 12345.burp". What can I at this point?

    6 Agent Answers    5 Community Answers
    Apr 18, 2016 01:58PM UTC
  • generating report

    Hi ! I`m very new user of burp suite. i`m using burpsuite professional. I scanned my target address & generated my scanned report form target->sitemap->issue . But there`s a problem i faced that i could`nt open it either type html or xml file. please help me out. Thanks in advance....

    4 Agent Answers    3 Community Answers
    Apr 17, 2016 06:13AM UTC
  • Setting 2 Payloads positions with the same payload simultaneously

    Hey, Is there a way to set two (or more) Payloads positions with the same payload that will run simultaneously (while having other payload positions)? Now I can have the same settings for the 2 payloads positions: (for example running from 1 to 3), this is what I will get: var 1 | var 2 1 | 1 2 | 1 3 | 1 ... 2 | 3 3 | 3 Th...

    1 Agent Answer    0 Community Answer
    Apr 14, 2016 09:40PM UTC
  • How to intercept responses from Oracle ADF

    I am trying to intercept traffic on an application that has been built using Oracle ADF. I am observing in the Proxy history that some URLs are being rapidly replaced/deleted. When they get replaced, it looks like there is a redirect from URL A to B to C, but URLs A and B are not showing in the history and only URL C is showing. Also, some URLs show up for a fraction of a second and then disappear...

    3 Agent Answers    2 Community Answers
    Apr 14, 2016 06:56PM UTC
  • Addressing XSS vulnerability in window.location.hash?

    When we ran a security scan, the report unearthed the following vulnerability: newHash=window.location.hash; newHash=newHash.split(/_/); $("#"+newHash[1]).siblings().css('display','none'); We addressed it in the following manner: newHash = window.location.hash; newHash = newHash.split(/_/); //we encoded each string in the array derived from splitting...

    1 Agent Answer    0 Community Answer
    Apr 09, 2016 01:24AM UTC
  • Can an attacker bypass this XSS filter?

    I have a classified site, I was wondering if this is secure enough or not, between I got this filter from a friend of mine. var a = window.location.hash.replace(/[^\w\-#]/g, "_"); a = a + ".expandable"; if (0 < jQuery(a).length) { a = jQuery(a).find(".exw-control"); if (0 < a.length) a.trigger("expand",null); } It looks like the first li...

    0 Community Answer
    Apr 08, 2016 10:02PM UTC
  • Capturing traffic from my iphone for apps like Facebook, OLA cabs

    Hello, I am new to Burp and I installed and used burp for my basic apps. I was able to capture everything for those apps. But whenever I try to use burp for apps like Facebook or OLA cabs in iphone, i am unable to capture anything. Even I tried to capture on android but unable to capture Facebook https traffic. How I should able to see FB or OLA cabs https traffic in Burp? Is it possible or n...

    1 Agent Answer    0 Community Answer
    Apr 06, 2016 03:30PM UTC
  • [Error Connection Refused] SocketException: connection refused.

    Hi: When i acces to some web with the proxy activated, BurpSuite intercept the request. But when i press "Forward", appear a error on the navigator: "Error. Connection refused". What can i do? Thanks!

    2 Agent Answers    4 Community Answers
    Apr 06, 2016 08:58AM UTC
  • Target Address

    Hi, I`m new user. Can i use IP address instead of urls as target?

    2 Agent Answers    1 Community Answer
    Apr 06, 2016 08:36AM UTC
  • How to exploit external service interaction in real world applications?

    Hi, I found a web application that made a dns lookup to burp collaborator but i don't know what is the direct exploitation scenario? Should we consider it SSRF vulnerability ? What is the real risk? Thanks

    1 Agent Answer    1 Community Answer
    Apr 04, 2016 04:03AM UTC