Getting Started with Burp Suite
Burp Suite Documentation
Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.
| Burp Suite Professional and Community editions | Burp Suite Enterprise Edition |
| Burp Scanner | Burp Collaborator |
| Burp Infiltrator | Full Documentation Contents |
Burp Extender
Burp Extender lets you extend the functionality of Burp Suite in numerous ways.
Extensions can be written in Java, Python or Ruby.
| API documentation | Writing your first Burp Suite extension |
| Sample extensions | View community discussions about Extensibility |
Bug Reports
Report a bug
-
Burp closed without confirmation box
Hi, Not sure this can be considered as a bug but the feature needed to be improved. I launched the burp from cmd command line ( java -jar etc ) to increase the RAM allocation for the software. At one point, I accidentally clicked the command prompt window close button and the burp window closed without any pop-up box to ask for confirmation of close or saving data ( eg. Are you sure you want to...
1 Agent Answer 0 Community AnswerJun 24, 2015 07:42AM UTC -
Content view not picking up resource
I noticed the Contents View in site map sometimes does not pick up specific resources under certain conditions. Ex : An item has been identified during a spider scan as a GET request to /content/script, gets added properly to contents view When browsing the site, the same resource gets accessed as a POST request, going through the proxy. This POST request never appears in the contents view, d...
1 Community AnswerJun 23, 2015 03:52PM UTC -
Missing identification of response splitting vulnerability
We found a that Burp Suite it doesn't test response splitting vulnerability. For example: www.example.com/about.php?date=%0D%0ATest%3A%20no If the HTTP response get the additional header "Test: no" should be reported. https://www.owasp.org/index.php/HTTP_Response_Splitting Regards
1 Agent Answer 0 Community AnswerJun 22, 2015 09:00AM UTC -
Different URLs in Target: Request, Raw and Site map URL
I recognized that the URL in Target, Site map is different from the URL in the Request, Raw window. Here is what is shown in the Site map window right above (list of all URLs): https://www._something_.com/ - GET - /scale.php?timename=SCALE_USER&time=FF:13:15:06:15:08:10:37&id=WEB87431-20150615083 And here is what I see in the Request Raw window: GET /scale.php?id=WEB87431-20150616...
1 Agent Answer 0 Community AnswerJun 18, 2015 01:58PM UTC -
Burp won't start on my OSX machine any more
Hi folks, Finding this one a little tricky to solve. Burp stopped working on my OSX system recently. I run it from the command line with something like: java -Xmx1024m -jar burpsuite_pro_v1.6.18.jar I get the splash screen, it goes away, and nothing else happens. I have an icon in the doc and there's something called 'StartBurp' running, but I never get the standard UI....
2 Agent Answers 2 Community AnswersJun 18, 2015 05:14AM UTC -
Exception on restore state
Trying to restore state on Burp Pro 1.6.18 the following exception occurred: java.lang.IndexOutOfBoundsException: Index: 3, Tab count: 1 at javax.swing.JTabbedPane.checkIndex(JTabbedPane.java:1768) at javax.swing.JTabbedPane.setSelectedIndex(JTabbedPane.java:589) at burp.bec.a(Unknown Source) at burp.xwc.b(Unknown Source) at burp.t2.b(Unknown Source) at burp.bec.addNotify(Unknown So...
1 Agent Answer 0 Community AnswerJun 17, 2015 09:54AM UTC -
Python extension unloading itself periodically
I have a toy Python extension that simply prints out all command-line arguments, and calls exitSuite if there were any to print. About 50% of the time that I run Burp Suite from the command prompt, there is no output and Burp Suite fails to close automatically. I inspect the Extender tab and I find that the extension I wrote is unloaded. I check the "Loaded" box, the extension compiles, ...
1 Agent Answer 1 Community AnswerJun 12, 2015 04:12PM UTC -
Burp triggers DNS queries despite using an upstream proxy
Hi, We are experiencing performance issues with Burp, with some web application pages taking over a minute to load. After investigation, we found out that Burp was issuing local DNS requests which could not be resolved due to our setup: the browser and Burp are installed on a machine located in network A and web requests have to transit over a proxy to reach the web application located in netwo...
1 Agent Answer 5 Community AnswersJun 10, 2015 11:34AM UTC -
Missing identification of SQL injection
Dear Sir, we identified a missing identification of Blind SQL injection on some specific parameter. The SQL injection is presented on a single parameter of a POST request. Like par=pluto par=pluto -> result A par=pippo -> blank page par=pluta -> blank page par=pl'||(SELECT+CHR(117))||'to -> result A par=pl'||(SELECT+CHR(116))||'to -> blank page The D...
1 Agent Answer 0 Community AnswerJun 09, 2015 11:00AM UTC -
Burp Suite generates "weak ephemeral Diffie-Hellman key" error with Firefox Developer Edit...
I've been using Burp Suite with Firefox Developer Edition, but as of today, I cannot make HTTPS connections when using Burp Suite as a proxy. I now get the following error message: An error occurred during a connection to www.yahoo.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) Unfortu...
4 Agent Answers 11 Community AnswersMay 28, 2015 07:08PM UTC