Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • "Response received" column disappears when "Grep Extract" is used

    In Intruder results: - display non-default column "Response received" - add a column based on "Grep - Extract" - the "Response received" column disappeared Not a big deal...

    0 Community Answer
    Jul 27, 2017 08:38PM UTC
  • Burp Collaborator OOB - HTTP

    Correct me if I'm wrong, but using the following payload "@<SNIPPED>.burpcollaborator.net/" to detect Out-of-band resource load (HTTP) will generate huge false positives, as I was able to trigger an issue for every website GET http://portswigger.net@<SNIPPED>.burpcollaborator.net/. Using the @ symbol seems to redirect all application. Not much information on why @ symbol...

    0 Community Answer
    Jul 27, 2017 11:04AM UTC
  • Smart decode is not smart

    The smart decoder is not working anymore for even simple base64 payloads. Please debug the issue and let me know. Thanks, Rod

    1 Agent Answer    0 Community Answer
    Jul 20, 2017 01:28PM UTC
  • NTLMv2 Proxy Auth not working

    Hi, I'm trying to use burp proxy with a corporate proxy that requires NTLMv2, however it doesn't seem to be working. IE, Firefox and Chrome are working fine with it, but burp throws an error saying "Failed to connect to proxy server" when NTLM auth is turned on. The request from the proxy seems to bleed to the next request which is probably causing the issue. See tcp stre...

    1 Agent Answer    0 Community Answer
    Jul 20, 2017 01:20PM UTC
  • Redirects to IPv6 IP addresses are not detected

    When a website redirects to an IPv6 address (between square brackets), Repeater will not detect the redirect: - the "Follow redirection" button doesn't appear - the "Repeater / Follow redirections / Always" option isn't honored Other areas (like Scanner) may be impacted. Test URL http://nicob.net/redirx-http-[2600:1f14:afd:600:4603:ce4e:7b81:fc5d]-80-app (pub...

    1 Agent Answer    0 Community Answer
    Jul 18, 2017 10:24PM UTC
  • Problem with BurpSuite

    After activating BurpSuite, I've used it once to scan some web. Next time I tried to start it, I receive following error: va.lang.ClassNotFoundException: burp.StartBurp at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331) at java.lang.ClassLoader.loadClas...

    1 Agent Answer    0 Community Answer
    Jul 13, 2017 12:44PM UTC
  • SEP quarantined gtc.class in 1.7.23.jar

    Symantec Endpoint Protection is performing a scan on my machine where I have Burp Suite Pro 1.7.23.jar and it has quarantined burp/gtc.class. What type of issues is this going to cause with the functionality of Burp?

    1 Agent Answer    0 Community Answer
    Jul 12, 2017 06:39PM UTC
  • CA CERT

    I'm installing the cert in IE and still unable to pull up HTTPS sites..

    1 Agent Answer    0 Community Answer
    Jul 11, 2017 06:35PM UTC
  • Incompatibility with AkamaiGHost

    I nearly opened a bug report a couple of months ago because I had this happening to me a few times for different web sites. However, as I didn't know the root cause I didn't report it at that time. If you got a lot of strange "Burp doesn't work!" support questions, this might be one explanation. I know this might be a problem of Akamai rather than Burp, but I want you t...

    1 Agent Answer    1 Community Answer
    Jul 05, 2017 03:30PM UTC
  • missing "Unencrypted communications"

    I perfectly understand the issue "Unencrypted communications" but I'm not sure how deterministic Burp is reporting this issue. What are the requirements for Burp to report this? I have done a lot of testing and the behaviour is not deterministic. I do an HTTP request in the browser and some sites get an Unencrypted communications issue, others don't. Are there any rules fo...

    3 Agent Answers    2 Community Answers
    Jul 02, 2017 06:33PM UTC