Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Configured the Burp Proxy. Applications not working thru proxy

    Hi Support, I configured the proxy as per the document in Burp and Mozilla. Applications not working through this proxy. It is just hanging. Kindly suggest.

    4 Agent Answers    3 Community Answers
    Feb 21, 2019 11:01AM UTC
  • Maybe not a bug, xss reported by Burp

    I came across an xss found by the scanner and reported as Certain. test74666'%3balert(1)%2f%2f901vivg94 I was not able to reproduce it manually until I put a ) between the ' and the ; -> %3b. I'm wondering why Burp doesn't report it - so to speak - correctly. Thanks in advance.

    1 Agent Answer    0 Community Answer
    Feb 14, 2019 09:21PM UTC
  • report issue

    How many Types of reports available in burp suite report..? and what are the possible test cases are present in the burp scanning report..?

    1 Agent Answer    0 Community Answer
    Feb 14, 2019 05:07AM UTC
  • Burp suite submitting blank username and passwords when doing an authenticated crawl

    Right now, I get locked out of my account because burp suite is trying to login with blank user names and passwords. I get locked out because it tried multiple times with the same IP. How can I see further into the issue that burp suite is submitting blank user names and passwords?

    3 Agent Answers    4 Community Answers
    Feb 11, 2019 07:57PM UTC
  • Burp text is kind of akward using i3wm and xorg

    Hello, I'm experiencing some really annoying font dpi problems with the application, they are really making the experience with burp unbearable, I am using i3wm and, as you can see on the screenshot, the text is all fuzzy and I didn't manage to fix it yet, I tried changing the font family/size but it didn't fix the problem, here's a screenshot https://imgur.com/a/8F4XwEv ...

    1 Agent Answer    0 Community Answer
    Feb 05, 2019 10:05PM UTC
  • External Service Interaction - Bug Bounty?

    I have found an external service interaction issue on a website that is listed in hacker one, I want to send a report, but, I'm not sure how to come up with a proof of concept to send to them. I have recently reported an external service interaction bug, but the company asked for a poc and I had no idea where to begin. First of all I used burp suite pro active scanning to find the issue an...

    1 Agent Answer    0 Community Answer
    Feb 05, 2019 06:36AM UTC
  • Certificate Error

    Team, I have generated self signed PKCS 12 certificate and uploaded it onto the Burp enterprise webserver using the GUI. However, when I invoke the scan using the CI driver, I receive the following error message. echo "BURP_SCAN_URL = http://demo.testfire.net" | java -jar burp-ci-driver-v1.0.5beta.jar --scan-definition=myscan.json https://10.10.68.34:8080/api/<APIKey> E...

    1 Agent Answer    0 Community Answer
    Feb 01, 2019 01:26AM UTC
  • Burp Collaborator built-in DNS server responds with NOTIMP to CAA requests

    Hello! (tested on v.1.7.37) During renewal of wildcard certificates from Let's Encrypt, there's two DNS-related events: the validation of the ACME challenge (synchronous) and the validation of CAA entries (asynchronous). Burp Collaborator currently supports none of them. Validating the ACME challenge over DNS is doable: temporarily redirecting DNS traffic to another DNS server (dns...

    1 Agent Answer    0 Community Answer
    Jan 28, 2019 11:02PM UTC
  • Burp 2.x does not passively scan certain content types it did in 1.7

    In Burp 1.7.x Burp would find issues like 'Email address disclosed' on non-HTML content types. For example if the following was served in 'emails.txt' with Tomcat: test@gmail.com fake@gmail.com Burp 1.7.x would find and report the 'Email address disclosed' issue. In Burp 2.x that is no longer the case. Burp will not show these in the passive audit task an...

    2 Agent Answers    1 Community Answer
    Jan 28, 2019 04:17PM UTC
  • Burp 2.0.14 install4j error.log

    I get an error.log generated when using the Burp 2.0.14 Windows 64-bit installer. Looks like this happened because the included JRE got updated to Java 11. java.lang.NoClassDefFoundError: sun/misc/Unsafe at com.install4j.runtime.util.internal.ReflectionUtil.initUnsafe(ReflectionUtil.java:29) at com.install4j.runtime.util.internal.ReflectionUtil.setUnsafeAccessible(ReflectionUtil.java:41)...

    2 Agent Answers    2 Community Answers
    Jan 24, 2019 04:20PM UTC