Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • Unable to use Burp with proxy

    Setting my Firefox proxy server to 127.0.0.1:8080 for all protocols disallows me from connecting to any website at all. Error message: https://gyazo.com/dba7c96b3dd6920b33f1ccf2810b7826 Not only that, but the HTTP history always displays connections to "detectportal.firefox.com" as it's intercepting. https://gyazo.com/3b622cb3ce5934771769885724d2cba2 Any tips on how to ge...

    2 Agent Answers    1 Community Answer
    Jan 18, 2018 05:04PM UTC
  • Remote host connection closed during handshake

    Hi , Burp is not intercepting traffic when I am accessing app via company n/w with proxy However, when I am connected to my home n/w ( no proxy) I am able to intercept in Burp. Can you please advise ASAP Rds, Garry

    3 Agent Answers    3 Community Answers
    Jan 18, 2018 06:57AM UTC
  • Grep all responses for a specific string

    Hey, During my testing I usually enter some predefined strings into all possible fields. Lets say all my data looks like "AAAA-something" strings. Not always it is reflected immediately to the ouput. Is it possible to passively scan all server responses and grep them all for my specific strings ? I know this is possible in Intruder. But I need it as a passive scan feature while br...

    1 Agent Answer    1 Community Answer
    Jan 15, 2018 08:14AM UTC
  • Restore installed extensions

    Hey, Is it possible to install a selected number of extensions from BAppStore and restore them on Burp restart and new project creation? It is tedious to reinstall extensions everytime I start bounting on a new scope.

    2 Agent Answers    2 Community Answers
    Jan 11, 2018 06:36AM UTC
  • connection:close And Portswigger CA certificate untrusted by ESET Antivirus

    Hello, I have installed burp suite v.1.7.30 on windows 10 and configured Mozilla firefox accordingly. Every time I try to access any website ESET antivirus gives an alert saying "Encrypted Network Traffic, untrusted certificate" also in Burp Suite connection: close is shown. What do I do?

    1 Agent Answer    0 Community Answer
    Jan 10, 2018 01:18PM UTC
  • Android SSL Proxy - Works on browser but not on app

    Hello, I'm trying to proxy traffic from an android application to Burp. I've setup the proxy on the mobile device's WiFi settings and imported the Burp CA certificate onto the android device. I'm able to see traffic from the android device when I use the device's web browser. However, when I try to intercept traffic from the mobile application I keep getting the messag...

    1 Agent Answer    0 Community Answer
    Jan 08, 2018 07:24PM UTC
  • Update intruder request according to reponse

    Hi All, I'm a burp newbie, sorry if this has been answered before. I am trying to use intruder to brute force a password reset function. The password reset functionality emails a 4 digit number to the email address specified, and then you are required to enter that 4 digit auth code with your new password. Problem is there is a token that changes if you enter the wrong 4 digit code 3 ...

    1 Agent Answer    1 Community Answer
    Jan 07, 2018 11:41AM UTC
  • Understanding sockjs path in Target / Site Map for Vulnerability Scan

    Hi, I'm running a Meteor application and can see paths that I've created in my application's router code show up as expected under my website's domain in the `Target -> Site Map` tool within Burp Suite. However, I'm also seeing a folder/path called "sockjs" in the site map tool under my website's domain, which tends to have multiple numbered subfolder...

    1 Agent Answer    0 Community Answer
    Jan 05, 2018 10:32PM UTC
  • Getting Error while updating burpsuit in debian jessy

    We are using burpsuit in OS -debian jessy .When we tried to updating burpsuit getting error as shown below An error occurred: java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11GraphicsEnvironment please give a solution for this issue. Regards Shinysoman

    1 Agent Answer    0 Community Answer
    Jan 05, 2018 08:36AM UTC
  • Get all payloads for scanner?

    Hi, Is it possible to get all the payloads from Scanner? And this list should also be categorized per individual issues. Basically, I want to be aware of exactly what payloads will be put in the target requests before I perform the actual scan. Usually I test acceptance and testing environments but when doing it on production I am very cautious of using Burp scanner, as I should be of course...

    1 Agent Answer    1 Community Answer
    Jan 03, 2018 10:40AM UTC