Getting Started with Burp Suite
Burp Suite Documentation
Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.
| Burp Suite Professional and Community editions | Burp Suite Enterprise Edition |
| Burp Scanner | Burp Collaborator |
| Burp Infiltrator | Full Documentation Contents |
Burp Extender
Burp Extender lets you extend the functionality of Burp Suite in numerous ways.
Extensions can be written in Java, Python or Ruby.
| API documentation | Writing your first Burp Suite extension |
| Sample extensions | View community discussions about Extensibility |
Bug Reports
Report a bug
-
If you crawl, the status code of the site map Response will change
If you crawl, the Response status code displayed on the site map is changed from "301" (redirect) to "200" (no redirect). When Crawl is executed, the contents of Response will be the contents after redirect. Originally, it is the content of the redirect, but there is a response with the content of the redirect destination. Therefore, when auditing from the site map, the “...
1 Agent Answer 0 Community AnswerNov 13, 2019 01:58AM UTC -
Match / Replace (Intruder Processing Rule) defect
Hi Burp-Team, I have noticed a bug in the Match / Replace Intruder processing rule. I wanted to replace the character " with \". I have tried multiple variants to achieve that but always ended up with a different result than the one I wanted to have. As far as I understand, the "replace" part should take the input as given, correct? However, filling in \" resu...
2 Agent Answers 1 Community AnswerNov 12, 2019 11:49AM UTC -
some content characters change when request is sent to intruder
hi, I attached a docx file with simple content (like some lines) in it, then sent the request to intruder and one to repeater from intercept (proxy) part for further investigating of request, it seems some character in the docx part is changed when it is sent to intruder. repeater works fine, but intruder doesn't ; i sent the both repeater and intruder request to comparer, and compare bot...
1 Agent Answer 0 Community AnswerNov 10, 2019 10:44AM UTC -
Re: Burp can't send any requests
Burp Suite constantly gives me issues but today is probably the worst. It won't send any requests to any site period. Proxy intercept is off and I have tried sending simple GET requests to google.com using repeater which doesn't work. I can access the web via my browser and have no problems at all with my connection. It is only Burp that can't send any requests. I am a professional ...
1 Agent Answer 0 Community AnswerNov 06, 2019 04:55PM UTC -
NET::ERR_CERT_WEAK_KEY
Hello, I've just updated my macOS to Catalina and Burp to version Version 2.1.05. The problem is that Chrome does not want to initiate a connection with Burp Proxy and shows the error "Your connection is insecure" with the following description: NET::ERR_CERT_WEAK_KEY. I presume the Burps CA generates private keys of 1024 bits, however these are no longer supported in this env...
1 Community AnswerNov 05, 2019 02:58PM UTC -
2.1.04 scanner stalling on pretty much every test
Hello, I've been trying to use the newer burp but so far I'm having great trouble making it actually perform its job effectively due to scans rarely finishing and having to frequently be "unstuck". The pattern at the moment is for a scan to be started with some settings setup up to try and prevent lock-ups, at the moment the "handling application errors during audit&quo...
5 Agent Answers 10 Community AnswersNov 05, 2019 01:58PM UTC -
Burp does not load url from environment variable in windows
Hi Team, I have configured the burp enterprise edition with "jenkins" and i have created a "execute windows batch script" to load the target url for scanning. Also, i have confgirued the burp scan plugin with below script as scan format: {"scan_configurations":[{"config":"Crawl strategy-faster, Audit coverage-thorough","type":"...
1 Agent Answer 0 Community AnswerNov 05, 2019 08:23AM UTC -
header injection using burp intruder is not working as expected
Hi, I noticed one problem while trying to do automatic header injection using intruder. i created emty placemarker in positions tab because I want to incert new header from the list of headers I have That is not a problem, how ever the problem is that the ":" gets replaced with "%3a%" for what ever reason. The question is it normal to be that way or is it a bug? ...
1 Agent Answer 1 Community AnswerNov 04, 2019 12:01AM UTC -
Burp not loading on a specific site
What do I do if Burp is causing my browser not to load a specific site. All of the proxy settings are configured correctly, I am able to browse to other sites and I can see the req/responses. But for this specific site, it'll load a blank page when burp is on but if I quit Burp it will load.
1 Agent Answer 0 Community AnswerOct 29, 2019 07:57PM UTC -
Burp Collab TCP stream issue
Hi Burp Team, I discovered a bug in Burp's collaborator, which confused me for about two days. Don't know if this is intended but to me it's a bug. What I saw is that if Burp collab receives a single TCP stream with a single HTTP request looking like this: ####### POST / HTTP/1.1 Content-Type: application/json Content-Length: 276 Host: collab_subdomain.burpcollaborato...
5 Agent Answers 5 Community AnswersOct 29, 2019 04:40PM UTC