Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Getting err_cert_authority_invalid after following the instruction to configure in Android

    Hi, I am getting the error: err_cert_authority_invalid after i installing cacert in Android device. I follow the step that is available here and still getting this error. Please help. Thank you!

    1 Agent Answer    0 Community Answer
    Jul 31, 2017 05:44AM UTC
  • Burp Proxy and Microsoft Office Plugin?

    Trying to test a new app we're developing which has a plugin for Office that is a browser that allows for a template like builder pulling data from auth'd server. Tyring to figure out how to proxy that plugin w/in MS Office to test/validate traffic back to our server from client.

    1 Agent Answer    0 Community Answer
    Jul 28, 2017 09:08PM UTC
  • Remove entries from "Open existing project"

    Hello, how can I delete entries from Burp's "Open existing project" list without deleting or moving the burp files? Where does Burp maintain the list of existing projects? Thanks

    1 Agent Answer    0 Community Answer
    Jul 24, 2017 09:13AM UTC
  • Anti-CSRF Token Update/Burp Macro

    Hello, I have been testing out the macro functionality of Burp in order to update anti-CSRF tokens on requests. I'm having issues because when I record and test the macro, everything works fine and as intended but after I configure the session handling rules, the token never updates. I primarily am testing this using Intruder because the scanner is a little more difficult to identify defin...

    1 Community Answer
    Jul 21, 2017 04:45PM UTC
  • Whatsapp and twitter MITM

    Dears, Can anyone please assist why cant i intercept Whatsapp or twitter packets from mobile device even after installing the burp certificate and unpinned the app.

    2 Agent Answers    1 Community Answer
    Jul 20, 2017 09:30AM UTC
  • Is that possible to create a Docker image of Burp Pro?

    I am trying to create a docker image of Burp suite, two challenges showed up: 1. How to get a Burp Pro version and load the license in it without UI interaction? 2. I have some my own extensions as Jar files, how can I load the extensions without UI interaction? Thanks! Kai

    3 Agent Answers    3 Community Answers
    Jul 18, 2017 06:43PM UTC
  • Burp Collaborator Health Check & SSL

    Hello, I have deployed a private Collaborator on my internal network, and I am attempting to get SSL to work. We have an internal CA that I have used to issue a wildcard cert. When I run the health check I still get a warning for the 'server https connection (trust enforced)' and 'server smtps connection (trust enforced). The accompanying message for that warning is: An SSL er...

    2 Agent Answers    1 Community Answer
    Jul 17, 2017 10:22PM UTC
  • Burp spider/scan - endless requests due application design

    Hi, I was wondering if anyone has some tips for spidering/scanning web application that uses URI to create searches and define options for downloads. For example: After the /archive/ there are lots of different options for searches/downloads that use the URI. Now when i spider or scan application like this, there will be "...

    1 Agent Answer    1 Community Answer
    Jul 17, 2017 07:51AM UTC
  • How do I reuse or restrict burp's source ports

    I'am using intruder configured with 50 threads. It seems that on each request burp uses new source port. The gateway router NATs every request on a separate port. Each 16300 requests intruders requests are dropped for couple of minutes. It seems that the router doesn't provide new ports. During the drops the router probably waits to timeout all the allocated ports which have been used on...

    1 Agent Answer    0 Community Answer
    Jul 16, 2017 06:06PM UTC
  • Match and replace

    Hello. How do I write a newline character in the Replace field, in "Match and Replace"? Which kind of notation is used? Is there any list of examples? Thanks in advance.

    3 Agent Answers    3 Community Answers
    Jul 13, 2017 02:32AM UTC