Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Scanner very slow

    Hi - I'm attempting a non-authenticated point and click scan of our SaaS application. There are over 1,300 items, many of which are 404.aspx and the help system. Why is it so slow? When I started it 12 hours ago, it seemed to be moving a long at a reasonable rate, but 12 hours later, only 100 items are complete. (At this rate, it will take a week to complete.) I'm running Windows 10. I...

    1 Agent Answer    0 Community Answer
    Mar 24, 2018 01:16PM UTC
  • How do I calculate the length in the proxy http history

    I was wondering about the size in the length column (in proxy http history),it has been said in the documentation that the length refer to the response length but it dose not seems like this, for example I have length is equal to 204 but in the response tab the actual content-length is 42 so how the length is calculated? and how do I map the response length with the length column

    1 Agent Answer    0 Community Answer
    Mar 24, 2018 11:21AM UTC
  • XSS in text/javascript Content-Type

    Burp scanner reports that on the text/javascript content type, XSS is possible with Severity: High, Confidence: Certain but I didn't find a way to prove it with a PoC. All modern browsers behave text/javascript files not as html file and as a plain text file so the injected malicious javascript doesn't work, just returned as plain text on the web browser. Is there any way to exploit this...

    1 Agent Answer    0 Community Answer
    Mar 23, 2018 12:16PM UTC
  • Http headers manipulation

    Burp tool is manipulating my http origin and referrer header. Please provide a way around to disable that

    1 Agent Answer    0 Community Answer
    Mar 23, 2018 07:02AM UTC
  • How to handle JWT sessions in burp.

    What about applications which is having JWT as authentication, Session expires quickly in that, How to handle that ?

    1 Agent Answer    0 Community Answer
    Mar 22, 2018 09:06AM UTC
  • Unable to access server after adding same server and port in Burp Proxy settings

    Hi I have added server ip and port being used in firefox proxy settings as well as in Burp Proxy settings, but I am unable to access server in browser. Each time I try to open server page, it open up the Burp Suite Professional page and an error message - Not able to connect. Can you please tell me how to configure burp proxy so that i can access server and scan it using Burp Scanner. Thank...

    1 Agent Answer    0 Community Answer
    Mar 22, 2018 06:27AM UTC
  • Use Burp Suite Community in compagny context

    Hello, Can I use Burp Suite Community Edition in my compagny or I must purchase de Professionnal Edition ? Thanks in advance for your reply. Regards,

    1 Agent Answer    0 Community Answer
    Mar 21, 2018 02:44PM UTC
  • Enable parameters to be identified in a Target Analysis

    I am running an instance of BURP Pro (v1.7.32) with both Passive and Active scanning enabled. When I run a Target Analysis and review what parameters were identified no of the password parameters were identified. Which concerns since if we are missing this parameter what others are missing. Are there any configuration settings to enable capturing of all parameters? It makes it difficult to depend...

    3 Agent Answers    2 Community Answers
    Mar 21, 2018 12:56PM UTC
  • "Enter license key" page is blank

    I m using pro version burp suite , it was working fine, but suddenly i noticed that at "Enter license key" page, its blank, due to which i m not able to move ahead by using Next button. Any suggestion regarding this issue.

    1 Agent Answer    0 Community Answer
    Mar 21, 2018 09:55AM UTC
  • Replacement of XML value in the body

    Hello, I would like to replace two different values in a SOAP request by the result of a local python script and thus for all SOAP requests that Burp proceeds (intruder, scanner...). Should I develop my own extension? If yes which method is the most convenient to this purpose? Thanks in advance Regards, Antoine

    1 Agent Answer    0 Community Answer
    Mar 20, 2018 12:59PM UTC