Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • How to configure a proxy chain with Burp as a last proxy?

    I know that Burp can use an upstream proxy server. On the contrary, I need that Burp is the last proxy of a chain (using e.g. ZAP to handle all the traffic). Is it possible to configure Burp in this way? Any help is appreciated.

    1 Agent Answer    0 Community Answer
    Jan 12, 2017 09:42PM UTC
  • XML appears good, but Burp keeps giving me a "400" error during XXE Intruder attacks

    I'm kind of at a loss and need another set of eyes. I'm attempting to set up XXE attack (Sniper) so we can test a fix, but I keep getting a "400 bad request" message. The payload I am using is as follows: POST /SettingsService/AnalysisSettingService HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "

    1 Agent Answer    2 Community Answers
    Jan 10, 2017 08:21PM UTC
  • comparing reports to view the changes

    Ok, I have been scanning my company websites. What I need to do now, is to compared the reports for the mgmt. I save the reports HTML file I have search the BA store could not find anything like this. Is there something you can advise to use?

    1 Agent Answer    1 Community Answer
    Jan 09, 2017 09:57PM UTC
  • Burp Extension CSRF Token

    Hello, I'm working on an extension where it will automatically grab the last response csrf token and insert it into the HTML header parameter for the POST request. I was able to parse out the CSRF token received from the server in the response; however, for the request how do I access the header parameters? I was able to print the HTTP headers; however, it doesnt include the CSRF portio...

    2 Community Answers
    Jan 09, 2017 05:01PM UTC
  • Interception

    Hello, I would like to make an extension for BurpSuite, which would intercept the requests, wait for a time interval, and then send the requests to the server. In the future I am planning also to modify these packets. However, I would like to know how can I perform the request interception for defined time intervals by using the API for the extension. Could you please provide some guidance or h...

    2 Agent Answers    1 Community Answer
    Jan 09, 2017 10:23AM UTC
  • connection:close

    I've installed ca certificate but in every website connection:close

    2 Agent Answers    1 Community Answer
    Jan 06, 2017 07:39PM UTC
  • automatically scan the web site

    Hi, my goal is to using Burp as a vulnerability scanner and scan the web site automatically. I built site map using spider and content discover, followed the instruction "using burp as a point-and-click scanner". Then I did "active scan" on the host/branch. In the middle of the active scan, seems it automatically logged out of web server, and all the subsequent scan are r...

    1 Agent Answer    0 Community Answer
    Jan 06, 2017 05:11PM UTC
  • Burp Automated Scanning

    While scanning an url having multiple parameters, if burp gets an vulnerability for a parameter does it check for all other parameters or it stops scanning for the url.

    1 Agent Answer    1 Community Answer
    Jan 05, 2017 06:46AM UTC
  • Private Burp Collaborator Issues (Server HTTP connection Error + Verify Warning + Version Warning)

    I have set up a private burp collaborator server in AWS using all custom ports but I have redirected the standard ports to these using iptables so from an external perspective they are fine. However I am having several issues when running the health check: ---------- Initiating health check Server address resolution => Success Server HTTP connection => Error Server HTTP...

    1 Community Answer
    Jan 04, 2017 09:03PM UTC
  • reset session in intruder attack

    Dears , is it possible while using intruder attack feature to reset the session every request to be able to pay pass the session expiry and continue the attack. BR,

    1 Agent Answer    1 Community Answer
    Dec 24, 2016 07:06PM UTC