Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post


    Firefox 50.1.0, Mac OS X 10.12.2, Burp Suite 1.7.16 (from tarball, never got the hang of the mac package). I started receiving this for requests whilst scanning a server that linked out to Facebook using the intercepting proxy. Tried various things, but ended up having to delete old CA, regenerate the CA Cert, importing it, and restarting firefox, and it is working again. ...

    2 Agent Answers    0 Community Answer
    Jan 17, 2017 12:42PM UTC
  • scan report

    Hi, I created a site map and saved the state. Is there a way to automatically send this site map to active scan and then automatically create a report? I noticed I can schedule the task for scan, but not for generating the scan report. Thanks

    2 Agent Answers    1 Community Answer
    Jan 15, 2017 06:10PM UTC
  • How to configure a proxy chain with Burp as a last proxy?

    I know that Burp can use an upstream proxy server. On the contrary, I need that Burp is the last proxy of a chain (using e.g. ZAP to handle all the traffic). Is it possible to configure Burp in this way? Any help is appreciated.

    1 Agent Answer    0 Community Answer
    Jan 12, 2017 09:42PM UTC
  • XML appears good, but Burp keeps giving me a "400" error during XXE Intruder attacks

    I'm kind of at a loss and need another set of eyes. I'm attempting to set up XXE attack (Sniper) so we can test a fix, but I keep getting a "400 bad request" message. The payload I am using is as follows: POST /SettingsService/AnalysisSettingService HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "

    1 Agent Answer    2 Community Answers
    Jan 10, 2017 08:21PM UTC
  • comparing reports to view the changes

    Ok, I have been scanning my company websites. What I need to do now, is to compared the reports for the mgmt. I save the reports HTML file I have search the BA store could not find anything like this. Is there something you can advise to use?

    1 Agent Answer    1 Community Answer
    Jan 09, 2017 09:57PM UTC
  • Burp Extension CSRF Token

    Hello, I'm working on an extension where it will automatically grab the last response csrf token and insert it into the HTML header parameter for the POST request. I was able to parse out the CSRF token received from the server in the response; however, for the request how do I access the header parameters? I was able to print the HTTP headers; however, it doesnt include the CSRF portio...

    2 Community Answers
    Jan 09, 2017 05:01PM UTC
  • Interception

    Hello, I would like to make an extension for BurpSuite, which would intercept the requests, wait for a time interval, and then send the requests to the server. In the future I am planning also to modify these packets. However, I would like to know how can I perform the request interception for defined time intervals by using the API for the extension. Could you please provide some guidance or h...

    2 Agent Answers    1 Community Answer
    Jan 09, 2017 10:23AM UTC
  • connection:close

    I've installed ca certificate but in every website connection:close

    2 Agent Answers    1 Community Answer
    Jan 06, 2017 07:39PM UTC
  • automatically scan the web site

    Hi, my goal is to using Burp as a vulnerability scanner and scan the web site automatically. I built site map using spider and content discover, followed the instruction "using burp as a point-and-click scanner". Then I did "active scan" on the host/branch. In the middle of the active scan, seems it automatically logged out of web server, and all the subsequent scan are r...

    1 Agent Answer    0 Community Answer
    Jan 06, 2017 05:11PM UTC
  • Burp Automated Scanning

    While scanning an url having multiple parameters, if burp gets an vulnerability for a parameter does it check for all other parameters or it stops scanning for the url.

    1 Agent Answer    1 Community Answer
    Jan 05, 2017 06:46AM UTC