Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Plaintext Password Storage

    Hello, If upstream proxy authentication is configured, the password is stored in cleartext within UserConfigPro.json; line 23 in my file. Cheers, Mark

    1 Agent Answer    0 Community Answer
    Sep 21, 2018 03:29PM UTC
  • Different results at first scan between version 1.7 and version 2

    In testing the 2.0 version of Burp, I noticed that, scanning the same target, version 1.7 found XSS reflected vulnerabilities that 2.0 did not. Both scanning were done using default configurations from both product. (I mean that, for 1.7 I followed the configurations suggested in "Using Burp as a point and click scanner" article) Once the 2.0 ( scan finished (without finding xs...

    2 Agent Answers    1 Community Answer
    Sep 21, 2018 09:05AM UTC
  • Crawler Missing Basic Resources

    The crawler does not find the resources defined in the following code: ``` <td> <input name="action_11" type="button" value="view" onclick="window.location='/mail/view/11'" /> <input name="action_11" type="button" value="reply" onclick="window.location='/mail/reply/11'" ...

    1 Agent Answer    0 Community Answer
    Sep 20, 2018 09:10PM UTC
  • Web server's SSL (HTTPS) does not agree with Firefox 62

    Firefox 62 offers the following "cipher suites" TLS_AES_128_GCM_SHA256 (0x1301) TLS_CHACHA20_POLY1305_SHA256 (0x1303) TLS_AES_256_GCM_SHA384 (0x1302) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) TLS_ECDHE_ECDSA_WITH_AES_2...

    5 Agent Answers    2 Community Answers
    Sep 20, 2018 05:50PM UTC
  • Request params scrambled for large request objects

    The captured request show as a scrambled text if the request object is huge. Is there anything I can do to unscramble it or get it to display correctly

    1 Agent Answer    0 Community Answer
    Sep 20, 2018 01:45PM UTC
  • URL not showing in sitemap

    Hi Team, The application URL is visible in the "HTTP history" tab but not in the "Target" tab in the latest Burp Suite 2.0.6 Beta version.

    2 Agent Answers    1 Community Answer
    Sep 20, 2018 09:21AM UTC
  • Android Emulator - ERR_SSL_PROTOCOL_ERROR

    Using Burp Suite CE 1.7.36. Pointing my Android Emulator to use the Burp Proxy running on my localhost. I get the following errors in both Chrome and the Android System WebView. I get them inconsistently, but regularly, while connecting to my company website and application. Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR If I remove Burp from the equation, and point directly at th...

    1 Agent Answer    0 Community Answer
    Sep 18, 2018 08:13PM UTC
  • Burpsuite Beta - SocketException on crawls and audits

    Hi, I'm having an odd situation. I get a socket exception when attempting to perform many, but not all, audits on https sites. These audits work with http(although are immediately redirected to the secure version so that's not exactly helpful), and oftentimes, subdomains other than www will work as well (for instance recently an was successful). Proxying these sites wo...

    1 Agent Answer    0 Community Answer
    Sep 15, 2018 02:57AM UTC
  • BurpSuite v2.0.05beta would freeze if edit raw requst in Repeater

    BurpSuite: v2.0.05beta OS: macos 10.13.6 Working in session, forward a GET request to Repeater, tried to edit a parameter from Raw Request pane, delete the existing param value, try to insert new value. The whole UI just becomes unresponsive. able to move Window, access System Menu. but mouse click anywhere within Windows didn't get any response. Had to force quick the BurpSuite app....

    3 Agent Answers    4 Community Answers
    Sep 13, 2018 07:06PM UTC
  • Burp Pro 2.0.05beta Dynamic analysis injected values do not match reported value reaching sink

    This is being reported as Client-side JSON injection (DOM-based). The value injected does not match the value that is reported as reaching the sink. Dynamic analysis Data is read from input.value and passed to JSON.parse. The source element has id ctl01_SelectedPersonID and name ctl01$SelectedPersonID. The following value was injected into the source: 956229 The previous value re...

    2 Agent Answers    0 Community Answer
    Sep 13, 2018 03:12PM UTC