Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

How Do I?

Make a new post

  • angularJS - Client-Side Template Injection

    Hello - I'm testing a web app that is using AngularJS v1.3.11. Burp has flagged multiple high risk client-side template injection issues with a confidence of firm. I'm trying to figure out if this is a false positive or something I need to report. Essentially, Burp is flagging that it is possible to inject arbitrary expressions into the client template. An example would be were user...

    2 Agent Answers    5 Community Answers
    Apr 05, 2017 09:19PM UTC
  • Does Burp Collaborator test for "dangling markup" vulnerabilities?

    This article on github ( ) outlines an attack where an attacker injects an unclosed img tag <img src=' which then includes everything until the matching quote in a request to some-evil-site, potentially sending sensitive data. Question, d...

    1 Agent Answer    0 Community Answer
    Apr 03, 2017 10:55PM UTC
  • Interception turned off upon starting

    Hello, I would like to ask you how should I save (and load) a burpsuite project that on start, upon loading from a .burp file, interception will be turned off? Thanks.

    1 Agent Answer    1 Community Answer
    Apr 03, 2017 02:16PM UTC
  • Since iOS 10 can't trust Burp anymore, recommended alternatives?

    Since iOS 10 can no longer really "trust" the Burp Suite certificate, does anyone have any alternatives that free? While it shows up as trusted in iPhone, it still marks it as not secure when browsing to a site that uses the trusted burp certificate. I saw someone mention use a wildcard cert, but letsencrypt doesn't support it. Just trying to figure out an alternative to being able ...

    1 Agent Answer    1 Community Answer
    Mar 31, 2017 03:57PM UTC
  • I am not able to activate my burp license after formating my laptop.

    My laptop had windows 10 pro burp installed. After formatting I installed windows 10 single language and tried to activate burp but no luck, it says "activation failed no more activation for this license". But burp was activated on this pc Kindly suggest what to do in this case. Is there any way that I can activation burp on my PC? Is my license going to waste?

    1 Agent Answer    0 Community Answer
    Mar 31, 2017 05:40AM UTC
  • Burp shows super tiny window&letters

    Hi, When opening Burp on my Dell 5510 it won't maximize and it shows tiny window&letters. What settings should I change to see Burp at normal size and not in miniature. Also, I am not able to install any new updates as it freezing at 100% download. The download will not complete.

    2 Agent Answers    1 Community Answer
    Mar 31, 2017 02:31AM UTC
  • Change part of a URL in a project

    Hi, We have extensively done browsing to record as most URLs as possible for a particular website, and tested that version, which resides in: Now we've moved the same website to another URL, and we access that through: The website, hyperlinks, pages, and applications are the same, but they are placed in another a...

    1 Agent Answer    0 Community Answer
    Mar 28, 2017 06:20PM UTC
  • License

    Hello, I have corporate license for Burp Suite Professional. Which product do I need to download to activate it? Trial version of Burp Suite professional? Will I be able to activate Pro license on it? Or just download Free edition, and activate license? Thank you.

    2 Agent Answers    1 Community Answer
    Mar 28, 2017 10:49AM UTC
  • Manipulate Header Request Parameter in Extension

    Hi, I want to build up a automatic test system for a json api. My plan is as follows: Initially I get a fresh login token. Then i get into the proxy (processProxyMessage) and to replace the token with my freshly acquired login token. My problem is that I cannot update the content of my request. The token just doesnt change. Pseudocode: public void processProxyMessage(boolean messageIsRe...

    1 Agent Answer    0 Community Answer
    Mar 27, 2017 04:09PM UTC
  • SiteMap & Spider Out-Of-Scope Entries

    Hi, I have an application that I'm testing with thouthands maybe more of urls like[0-9]+ and I don't want to go thru them all not in Sitemap/Proxy/Spider so first I setup a rule in Scope Exclude with ^example\.com$ ^/[0-9]+.* and I have this settings in: Spider/Control/Spider Scope: Use Suite Scope Project Options/Connections/Out-Of-Scope: Use Suite Scope and Drop ...

    1 Agent Answer    0 Community Answer
    Mar 26, 2017 10:01PM UTC