Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Macro: How to receive a parameter from POST response to use it in the next GET request

    Hi community, I am currently testing a REST API and I would like to use a JSON parameter from a POST response in the next GET request. The workflow is the following: 1. POST to application like: POST /rest/requests [...] { "parameter":"test", } 2. The application replies with a unique ID in JSON format: {"ID":"yourID"} 3. If I use now "your...

    3 Agent Answers    3 Community Answers
    Nov 27, 2017 07:55AM UTC
  • Issues and advisory panel not showing in sitemap

    Hi, Issues and advisory panels are not showing in sitemap. I am using free edition v1.7.27

    1 Agent Answer    0 Community Answer
    Nov 27, 2017 12:25AM UTC
  • I want to know how long a particular API has taken to load

    Where I can find the time taken by API to load. I am using HTTP proxy. I know we can check time taken by using Repeater tab. But, I want to know the time taken by API when it is being used by an app or website on mobile.

    1 Agent Answer    0 Community Answer
    Nov 24, 2017 09:43AM UTC
  • Burp Intruder Payload Processor Extension for running custom shell/python scripts

    Do you know of any extension allowing for running intruder payloads through custom shell/python script? That would be helpful if an app expects some specifically encoded/encrypted data for instance. Thanks, Mike

    1 Agent Answer    0 Community Answer
    Nov 22, 2017 12:05PM UTC
  • unable to access "" url in Burp suite

    Hi Team, After i set proxy in browser and access my application am unable to access few functionalities which required third party site/libraries . Brief about issue: To access GIS functionality in my application i need to keep open third party url ( in other tab of the browser. Then after i configured proxy and access the application using burp that specific third party url is t...

    2 Agent Answers    1 Community Answer
    Nov 22, 2017 08:31AM UTC
  • Hide errors from client.

    Hi! I am looking a way to hide the errors of burp suite from the client. Sometimes the Internet at our office doesn't connect to the desired website. Instead it redirects it to the ISP homepage. This happens rarely and when this happens there is this burp error at the client side. Error No response received from remote server Is there a way to hide these errors or is this not possibl...

    1 Agent Answer    0 Community Answer
    Nov 21, 2017 07:12AM UTC
  • Decoding Gzip/Deflate issues

    I'm trying to read the contents of packets sent from an Android device and some packets where Burp can detect Gzip compression, it shows the contents, however there are often times I see packets with this information and Burp can't decode or can't detect compression. How can I see the contents of this compressed packet contents? The following is from a Android phone, manufacturer...

    1 Agent Answer    0 Community Answer
    Nov 19, 2017 11:53AM UTC
  • [intruder] brute forcer tickets get used up?

    The website I am testing here does not have any captcha, however it does only allow one login per ticket. It is not a thing because the ticket gets regenerated when browser gets refreshed. How do I get burp suite to generate new ticket every time it does a new payload? A snapshot of user_session%5Busername%5D=fakeusername&user_session%5Bpassword%5D=§password§&lt=LT-1511018798r8EB3B66739CF...

    1 Agent Answer    0 Community Answer
    Nov 18, 2017 03:33PM UTC
  • Burpsuite to online proxy server

    I am trying to fuzz my website through an online proxy.I can set the port, however i can not change the "Bind to address" into another IP other than localhost( How do i do this?

    1 Agent Answer    0 Community Answer
    Nov 18, 2017 11:41AM UTC
  • Extract strings matching a regexp in Burp

    Hello guys, Any idea how to extract strings matching a regexp in Burp? I mean i see how to search but not how to extract. Thanks,

    1 Agent Answer    0 Community Answer
    Nov 17, 2017 08:35PM UTC