Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • connection:close

    I've installed ca certificate but in every website connection:close

    2 Agent Answers    1 Community Answer
    Jan 06, 2017 07:39PM UTC
  • automatically scan the web site

    Hi, my goal is to using Burp as a vulnerability scanner and scan the web site automatically. I built site map using spider and content discover, followed the instruction "using burp as a point-and-click scanner". Then I did "active scan" on the host/branch. In the middle of the active scan, seems it automatically logged out of web server, and all the subsequent scan are r...

    1 Agent Answer    0 Community Answer
    Jan 06, 2017 05:11PM UTC
  • Burp Automated Scanning

    While scanning an url having multiple parameters, if burp gets an vulnerability for a parameter does it check for all other parameters or it stops scanning for the url.

    1 Agent Answer    1 Community Answer
    Jan 05, 2017 06:46AM UTC
  • Private Burp Collaborator Issues (Server HTTP connection Error + Verify Warning + Version Warning)

    I have set up a private burp collaborator server in AWS using all custom ports but I have redirected the standard ports to these using iptables so from an external perspective they are fine. However I am having several issues when running the health check: ---------- Initiating health check Server address resolution => Success Server HTTP connection => Error Server HTTP...

    1 Community Answer
    Jan 04, 2017 09:03PM UTC
  • reset session in intruder attack

    Dears , is it possible while using intruder attack feature to reset the session every request to be able to pay pass the session expiry and continue the attack. BR,

    1 Agent Answer    1 Community Answer
    Dec 24, 2016 07:06PM UTC
  • Burp Collaborator config

    i have a ec2(cloud server amazon), and inside of this server i have a burp, running with "java -jar bur.jar --collaborator-server". In my local machine, i have burp pro. How can i configure my instance of burp in my local machine, with the burp collaborator inside of my cloud server at amazon. Because, when i put adress of ec2(amazon) on my burp project options --> burp Collaborator ...

    2 Agent Answers    4 Community Answers
    Dec 22, 2016 07:27PM UTC
  • Help Alerts Connection reset

    When I am actively scanning our website on the internal IP address with Burp Suite Pro, I get a lot of Connection reset So here is the setup of the scan I set the IP address to hostname in the project options so when, I look at the proxy tab-->> http history tab shows internal ip address correctly then I open that website (http only) then I add it to the ...

    2 Agent Answers    2 Community Answers
    Dec 22, 2016 05:29PM UTC
  • Extender API no method to get Issue references

    Hi! I'm developing an extension but couldn't find a way to get the Issue References. I found but there is no information regarding References.

    2 Agent Answers    1 Community Answer
    Dec 16, 2016 07:43PM UTC
  • Is it possible to save payload processing rules?

    Hey, I often use, for example, match/replace payload processing rule in Intruder, but it's annoying to always enter the same values. Is it possible to somehow save them and automatically apply to all new intruder tabs?

    1 Agent Answer    0 Community Answer
    Dec 15, 2016 01:25PM UTC
  • Tricky Issues for Different HTTP Methods in Burp-Suite Active Scan

    Dear Experts, We get a very tricky issue that, when we're trying to do active scan for some HTTP requests [the requests are triggered by our extension program using the burp interfaces], the requests with method type "POST/PATCH" can continue with correct responses and find some security issues, while the requests with method type "GET/DELETE" won't get any respo...

    1 Agent Answer    1 Community Answer
    Dec 14, 2016 08:41AM UTC