Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

Feature Requests

Burp Extensions

Bug Reports

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

How Do I?

  • Non-GUI configuration of predefined payload lists in Intruder

    Hello, default Intruder payloads can be modified through the GUI via the "Intruder -> Configure predefined payload lists" menu. However, I'd like to set this option when starting Burp Suite, using a JSON file like for hotkeys, proxy config, ... Is that possible? Additional Q: where is this value persisted? Thanks in advance, Nicolas

    4 Agent Answers    5 Community Answers
    Jun 27, 2017 10:09AM UTC
  • Need info for creating custom intruder gui

    Hello All, I am working on an extension development which has a requirement for a custom UI for the Intruder tab with the default Intruder functionalities (i.e. only the UI is different; the core functionality will be the same as the Intruder tab). Is it possible to override the Intruder methods to create the same functionality and display it in my custom UI?

    2 Agent Answers    1 Community Answer
    Jun 27, 2017 08:33AM UTC
  • Form action hijacking

    Hello. Working on a site that is reporting the new Burp finding for Form Action Hijacking (Reflective). The application has a POST parameter that is placed in the form action HTML tag. Would you consider this finding to be in the same category as an arbitrary URL redirection finding, obviously without the 302 redirect?

    2 Agent Answers    2 Community Answers
    Jun 20, 2017 09:40PM UTC
  • License

    Please let me know whether a single-user license key will work if I move it to a different system. I am facing issues with my current PC, where I have installed the Burp license, and I want to change my system, so is the same key going to work? Or is it bound to the installed system only?

    1 Agent Answer    0 Community Answer
    Jun 15, 2017 03:36AM UTC
  • Https not working on new phone

    Hi - Was able to use Burp with my previous device (iPhone 6), but trying to configure my new iPhone 7 and not having any luck. Without the cert installed I can access http sites with Burp, but after installing the cert my device won't load anything and Burp doesn't see any traffic - neither https nor http. I've gone through all the steps three different times and validated that PortSwi...

    1 Agent Answer    0 Community Answer
    Jun 13, 2017 01:20AM UTC
  • security testing

    Hi Team, We have tested one app in which we have set the cookie as secure & HTTPONLY at code level. But it's still showing us the below issue during scanning: "Cookie without httponly flag set". Kindly suggest why it's showing this if it's already fixed. Thanks

    1 Agent Answer    0 Community Answer
    Jun 09, 2017 07:09AM UTC
  • Private Burp Collaborator Server is not working only for me apparently

    I'm trying to deploy an instance of Private Burp Collaborator Server but it seems that burp.jar is ignoring the parameter --collaborator-server. From the help I can see the option there. root@zion:~/Downloads# java -jar burpsuite_free_v1.7.23.jar --help Usage: --help Print this message --disable-extensions Prevent loading of extensions on startup --diag...

    1 Agent Answer    1 Community Answer
    Jun 08, 2017 09:42PM UTC
  • Analysing a token in hex format with sequencer

    Analysis of a token in hex format that is 4 bytes in total length, for example: AB FF 81 4E. When I load a series of tokens into Sequencer, it interprets the token length as 8, which is not the case. AB is one byte, FF is one byte and so on. How can I instruct Burp how many bytes the token consists of, and that for example "AB" is one byte and not two? Thank you in advance and Kind Re...

    2 Agent Answers    2 Community Answers
    Jun 02, 2017 01:54PM UTC
  • Burp consumes all RAM

    Hi, I'm running Burp installed on Linux (not the portable version) and it consumes all RAM on my machine, up to the point it closes itself. Is there a way to launch it, the same way that happens with the .jar version, limiting the memory it is assigned? Thanks in advance.

    2 Agent Answers    1 Community Answer
    Jun 02, 2017 10:16AM UTC
  • How do I use burp suite to scan hidden fields automatically

    How do I use Burp Suite to scan hidden fields that show up when I spider a website? When I spider a website, I get two options: submit or ignore. How do I test those hidden fields automatically to make sure no one can use those to get any access or data from the website?

    4 Agent Answers    3 Community Answers
    Jun 01, 2017 09:08PM UTC