Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • manage authentication of application which is using JWT authentication method.

    I am strruggling with application which is using JWT for authentication, its keep on prompting for authentication failure. Can you provide complete manual to handle the situation.

    0 Community Answer
    Feb 27, 2018 11:57AM UTC
  • Don't allow Set-Cookie to add cookies to Requests

    Hi, I have a scenario and only discovered when using Logger++. When using the Burp scanner, the response will give a 400 straight away because the HTTP request is too large (Multiple Cookies). The repeater works multiple times with 200 response but for some reason the Scanner gets hit with the 400 response and the HTTP requests has bunch of cookies. Can I force the Scanner to use just the or...

    1 Agent Answer    0 Community Answer
    Feb 26, 2018 04:03PM UTC
  • How do i SAVE the ongoing Scan?

    Hi all, I've noticed the Burpsuite is discouraging the usage of the "Legacy State" files. But then when i tried to use "Project State" files instead, my previously ONGOING scan states aren't resumed anymore. In fact the whole thing becomes empty. What is the best advised way to SAVE the current ongoing state of the scan please? Thanks all. Regards, Arkar

    1 Agent Answer    0 Community Answer
    Feb 26, 2018 10:44AM UTC

    Information ------------------------------------------------------------ Version : Burp 1.7.32 (Professional) Burp Proxy Server : Kali Linux Certificate : Android Device 7.0 (Nougat) Issue ---------------------------------------- NET::ERR_CERT_VALIDITY_TOO_LONG Tested using chrome, if using firefox it cannot open the URL in secure protocol. when using normal protocol / HTTP it'...

    2 Agent Answers    1 Community Answer
    Feb 23, 2018 07:55AM UTC
  • error proxy

    I've been trying to set up the burp suite, but no matter what I do it always gives error. I open the browser and say that my connection has been interrupted or my browser is not authorized to use the proxy, it always asks me to remove this proxy from my machine. I've done everything, I took the firewall, enabled the proy settings all as the instructions ask, I've already downloaded ...

    1 Agent Answer    0 Community Answer
    Feb 23, 2018 01:33AM UTC
  • Can I customize the information stored in the project file?

    Hi there! I have created 2 macros that have registered about 5 items. By a session handling rules, I have run one macro before scanning and another macros running after scanning. Then, the project file have become very large capacity. (When the scan status was 5%, the project file was about 120 GB.) [Question 1] Can I customize the information stored in the project file ? [Question ...

    2 Agent Answers    1 Community Answer
    Feb 22, 2018 07:31AM UTC
  • Intercepting Traffic

    I have a problem and I hope you can assist me. My burp suite can successfully intercept both http/https originated from my browser (CA already installed) but whenever I try an arpspoof attack it doesn't intercept anything although I can see it in Wireshark for instance. Furthermore, I am getting error in the Alert tab saying that "the client failed to negotiate an SSL connection to.....

    1 Agent Answer    0 Community Answer
    Feb 20, 2018 10:57AM UTC
  • Dropping requests to specific domains or hostnames without the Out-of-scope feature

    I have a handful of hostnames / domains that I want requests to those domains dropped. Most of the requests are automated in nature e.g. browser requests to ^detectportal\.firefox\.com$ or ^apis\.google\.com$, hence, they are relentless. Is there a 'clean' way to make Burp drop requests to these domains so they never get completed? My current way of doing this is not too elegant...

    2 Agent Answers    1 Community Answer
    Feb 20, 2018 04:43AM UTC
  • Intercepting Android version 8.1 HTTPS Traffic

    Hi there, I have a rooted Nexus 5x (Magisk rooted) with Android 8.1 installed. I have been trying to intercept traffic with Burp but I'm running into problems that I have never had before. There are only a few HTTPS requests that I can seem to intercept. Both in FireFox and Chrome, I get a "certificate untrusted" error in one form or another and I can't connect to HTTPS w...

    1 Agent Answer    0 Community Answer
    Feb 19, 2018 12:57AM UTC
  • burp web interface

    I am fresh new burp user, and already completed some of courses but now I cannot reach the burp web interface. Currently burp is working well but when I type http://burp it automatically sends me to tomcat it works page, not the burp page. Thanks and best regards.

    1 Agent Answer    0 Community Answer
    Feb 18, 2018 08:57PM UTC