Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Crawling Stuck - v2.0.12beta

    Hi, the crawler hangs on "Locating authenticated functionality" and doesn't seem to be progressing. Also, how do I limit the crawler from trying to login with multiple agents? Currently it seems to be logging in 4 times.

    1 Agent Answer    0 Community Answer
    Nov 21, 2018 11:00PM UTC
  • Tester

    In the repeater request type in Chinese, its display is garbled, any good solution?中文为乱码

    1 Agent Answer    0 Community Answer
    Nov 21, 2018 11:45AM UTC
  • session handling rule set parameter value in json

    For Burp Suite 2.0.12beta: A session handling rule (Project Options -> Sessions) that takes care of setting the value of a given parameter in http requests is not applied to request bodies in json format. In the request example below, I have tried to replace the value of the parameter "_csrf": POST /api/bla/info/update HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Window...

    2 Agent Answers    1 Community Answer
    Nov 19, 2018 08:44AM UTC
  • v2.0.x Extender API iScanQueueItem.getPercentageComplete() does not work

    While testing, we realized that there is a bug in the Burp Extender API iScanQueueItem.getPercentageComplete() for Burp Professional v2.x (beta). We have verified the problem with both 2.0.11 and 2.0.12. getPercentageComplete() always returns 0 - instead of the correct percentage. Please see for th...

    4 Agent Answers    3 Community Answers
    Nov 16, 2018 10:16PM UTC
  • Burp 2 Beta API key issues

    When the Burp 2 REST API is enabled and the "Allow access without an API key" option is enabled and there is an API key added it is not possible to use the API key to make API calls. For example this:<api key>/v0.1/ will give me an "Invalid API version" error message. This is incredibly confusing. What I expect to happen is that the A...

    2 Agent Answers    1 Community Answer
    Nov 16, 2018 02:08PM UTC
  • Burp 2.0 beta doesn't clean up temp file on exit

    My Burp Pro 1.7 generates some temporary files when running, and it will clean up these files on exit. Burp Pro 2.0 beta does not properly handle these on exit; every time I start Burp 2.0 it says there is temp file left from last start.

    2 Agent Answers    1 Community Answer
    Nov 15, 2018 04:32PM UTC
  • BURP v2.0.11beta UI bug on macOS

    Hey, When creating new project on disk in dark mode on macOS, the special directory icons are broken (dir up, new dir etc) Cheers!

    1 Agent Answer    0 Community Answer
    Nov 15, 2018 09:38AM UTC
  • Bundled JRE can generate DH pairs larger than 2048 bits

    Hello, Burp Suite v1.7.37 is bundled with Java 1.8.0_112. This version of Java is quite old and can't generate DH pairs (used for SSL) larger than 2048 bits. The site is good testbed (pair size = 4096), as indicated in the SSL Labs report (search for "Java 8"): I w...

    5 Agent Answers    5 Community Answers
    Nov 13, 2018 10:33AM UTC
  • Old 1.6.x Windows bug on beta version

    Hi, The latest beta version is not silently deleting temp folders on start 2.0.11beta / Windows 10

    1 Agent Answer    0 Community Answer
    Nov 12, 2018 08:59PM UTC
  • gettin error code : SSL_ERROR_RX_RECORD_TOO_LONG

    iam using firefox ,i changed proxy and imported CA certificate. when i try to intercept iam getting error message Secure Connection Failed An error occurred during a connection to SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG The page you are trying to view cannot be shown because the authenticity of the r...

    5 Agent Answers    13 Community Answers
    Nov 09, 2018 12:30PM UTC