Getting Started with Burp Suite
Burp Suite Documentation
Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.
| Burp Suite Professional and Community editions | Burp Suite Enterprise Edition |
| Burp Scanner | Burp Collaborator |
| Burp Infiltrator | Full Documentation Contents |
Burp Extender
Burp Extender lets you extend the functionality of Burp Suite in numerous ways.
Extensions can be written in Java, Python or Ruby.
| API documentation | Writing your first Burp Suite extension |
| Sample extensions | View community discussions about Extensibility |
Bug Reports
Report a bug
-
Uppercase when authenticated with NTLM
Hello, I want to report a important bug. If I use NTLM authentication burpsuite always sets uppercase letters for the login and for some case sensitive database it is problem. Thanks for repair. Excellent would be option, that what I write to login field, the same string will be in the request. Marek
1 Agent Answer 0 Community AnswerFeb 06, 2015 02:12PM UTC -
Font size
When adjusting the font size, there is no changes to the HTTP message section.
2 Agent Answers 1 Community AnswerFeb 02, 2015 01:46AM UTC -
Scan queue being reordered
Pause the scanner, save the state and close Burp. Open Burp and restore the state. The number column under Scanner > Scan queue has been reordered starting at 1 instead of the previous numbers.
1 Agent Answer 0 Community AnswerFeb 02, 2015 01:41AM UTC -
Row highlights
Let's say you have 20 items. You select row 10, hold down 'shift' and hit the 'up' button three times. Instead of lines 7-10 being highlighted, only lines 7-8 highlighted.
1 Agent Answer 0 Community AnswerFeb 02, 2015 01:37AM UTC -
Freezes in scanner
Hi I've have problems running the scanner in 1.6.09, it's very unreliable. It just stopps scanning for no obvious reason, but it is a least not frozen. I can then save the state, kill Burp and reload the state. The scan will then continue for a few more URLs before freezing again. I have tried to set down the number of concurrent connections to just one, but it still just stops. T...
3 Agent Answers 6 Community AnswersJan 30, 2015 08:52AM UTC -
interface catastrophically broken in recently updated Debian 7
BURP Version: 1.6.09 Debian version: 7.8 (Wheezy) JRE: both OpenJDK and Oracle JRE XOrg Server: both XVFB and QXL Invocation: java -jar ./burpsuite_pro_v1.6.09.jar Mode of failure: Burp Suite windows do not respond to any mouse input. Cannot interact with any buttons, tabs, lists, tables, text fields, scroll bars, etc. Other applications work fine. Prior to Monday, Jan 26, Burp Suite...
2 Agent Answers 1 Community AnswerJan 29, 2015 12:31AM UTC -
Missed DOM XSS
We were testing your DOM XSS scanning capability against test web sites (from the makers of Ra.2) and noted to obvious false-negatives that were missed. EXAMPLE 1: http://www.daspatnaik.com/test/demo/dom-xss-02.html RESPONSE 1: <html> <head> <title> DOM XSS 02 </title> <script type="text/javascript"> function timedMsg(callback) ...
1 Agent Answer 0 Community AnswerJan 23, 2015 07:41PM UTC -
Apache Tomcat "Transfer-Encoding" Bug
Hi, When trying to exploit CVE-2010-2227 on a vulnerable Apache Tomcat server I've noticed that Burp (1.6.06) deletes "Transfer-Encoding" HTTP header when using as a proxy. Regards Peter
1 Agent Answer 0 Community AnswerNov 28, 2014 10:54AM UTC -
Restoring State / Backwards Compatibility
I have had an issue viewing a saved scan issue type. I was restoring a state using 1.6.05 after saving it with 1.6.06. Is this a backwards compatibility issue? Cheers, Ian
1 Agent Answer 0 Community AnswerNov 28, 2014 10:36AM UTC -
Burp Crashes at Scan Result
Hi Support, I'm having an issue with Burp where it crashes when attempting to view scan results with large amount of findings in the host. The application stops responding, goes black and does not become available again. I have to close out of it for it to start working. I cant see any error messages. My debug ID is 5cf9f59a4e79e36e470c:c5a0
1 Agent Answer 0 Community AnswerNov 28, 2014 10:08AM UTC