Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Configure Burp to intercept Internet and Intranet traffic

    Hi I have been using burp to intercept traffic to localhost websites only, basically i run tomcat locally and then use proxy 127.0.0.1 8080 in burp and browser, This works well for local traffic, but i cannot use for internet or intranet traffic Is there a way i can get burp to work to intercept internet and intranet traffic, normally i use Fiddler for this, but would like burp better then Fid...

    1 Agent Answer    0 Community Answer
    Dec 12, 2016 02:06PM UTC
  • Is Burp Infiltrator working?

    I think I'm using Burp Infiltrator correctly but I don't believe that I'm not seeing any Infiltrator results in the Issues. I'm testing against the WebBank vulnerable demo project (https://github.com/pentestingforfunandprofit/webbank) and from an Active Scan get 'Certain' SQL Injection, Xpath Injection, XXE, XML Injection, DNS and HTTP collaborator interaction, etc. b...

    4 Agent Answers    2 Community Answers
    Dec 11, 2016 11:00PM UTC
  • burp suite

    Hi I'm running IE 11 through burp suite but in conjunction with the TOR browser and keep getting the following error message - I'm sorry I'm new to pentesting so hope you could advise: Error SOCKS server general failure.

    1 Agent Answer    0 Community Answer
    Dec 11, 2016 05:16PM UTC
  • Edit Request in interceptor using burp extender

    Hi Is it possible to use burp extender to write a custom tool which will modify a certain paramter , every time this parameter is present in this request ?

    1 Agent Answer    0 Community Answer
    Dec 09, 2016 08:43PM UTC
  • Always requires a log for the audit trail

    Hi We always need a log every time. Can I write the settings in the configuration file or startup options? Or othere nice way. Thanks

    2 Agent Answers    1 Community Answer
    Dec 09, 2016 08:19AM UTC
  • Meaning of red highlighted text Target-Site map?

    I have several items in my Target-Site map that are in red text. What does this mean?

    1 Agent Answer    0 Community Answer
    Dec 08, 2016 06:40PM UTC
  • Cross-site request forgery - ignore date response header

    Hi, I'm receiving a lot of false positives as nginx is sending the Date header - which is obviously different each time the scanner tries a new combination - so Burp is highlighting it (albeit tentatively). Is there any way to tell the scanner to ignore the date response header? Thanks, Ed

    1 Agent Answer    0 Community Answer
    Dec 07, 2016 01:23PM UTC
  • How can I intercept traffic on iOS 10?

    Always when I try to intercept traffic from some specific Apps on iOS 10 I get the error below. The client failed to negotiate an SSL connection to graph.facebook.com:443: Received fatal alert: unknown_ca I did some research and I came across to this article: https://nabla-c0d3.github.io/blog/2015/12/01/burp-ios9-ats/ It says that I need to generate a 2048 bits certificate and private ...

    2 Agent Answers    1 Community Answer
    Dec 07, 2016 03:53AM UTC
  • proxing Thick client Applciations

    I working with Java Thick client application which is used login in Browser after successful login it collects the jar files from server and later it became Desktop application i configured normal as Web application then that time request and response are captured after the Desktop application not captured. i searched below links https://portswigger.net/burp/help/proxy_options_invisible.html ...

    2 Agent Answers    1 Community Answer
    Dec 05, 2016 07:35AM UTC
  • Best manage CSRF in Alfresco

    Scanning Alfresco, and wanted to do automated scans of "create-site" function (for example). GET of the "create-site" URL (or any URL) seems to refresh the CSRF token sometimes (Alfresco-CSRFToken), I think the first GET after one or more POSTs. POST to the "create-site" has both HTTP header "Alfresco-CSRFToken: HEX" and Cookie "Alfresco-CSRFToken...

    1 Agent Answer    0 Community Answer
    Dec 02, 2016 05:53PM UTC