Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • removeParameter API outputs incorrect request when removing the last Cookie

    There is an API to remove a parameter from a given request in IExtensionHelpers interface (https://portswigger.net/burp/extender/api/burp/IExtensionHelpers.html#removeParameter(byte[],%20burp.IParameter)). I use this API in a custom extension that performs request minimization (https://github.com/ngo/burp-request-minimizer/blob/master/minimizer.py). I often get a corner case when no cookies are ac...

    1 Agent Answer    0 Community Answer
    Jun 22, 2017 08:14PM UTC
  • Burp stops accepting keyboard input

    I am having an issue identical to this one: https://support.portswigger.net/customer/portal/questions/11672133-unable-to-type-anything-on-any-field . The same issue affects OS X 10.12.5 with Java 8 Update 131. This is the current Java version available via the download link provided by Portswigger's 'getting started' page at https://portswigger.net/burp/help/suite_gettingstarted...

    1 Agent Answer    0 Community Answer
    Jun 14, 2017 03:24PM UTC
  • Cross domain script inclusion is not very reliable

    The scanner plugin for cross domain script inclusion is not very reliable - it always shows not nearly all cross domain scripts that are included. For example, if there's a script block on a page that injects another script tag with a 3rd party src, the plugin doesn't detect it. It should be fairly simple to check all requests with a script content type response for the referrer, and ...

    1 Agent Answer    0 Community Answer
    Jun 14, 2017 01:54PM UTC
  • Bad view in win10 when zoom 150%

    I use 150% zoom (win10 config for screen) on my 13.3" laptop. And Burp Suite looks badly, all fuzzy.

    4 Agent Answers    4 Community Answers
    Jun 10, 2017 11:04PM UTC
  • Burp Suite requires discrete GPU on macOS

    When running Burp Suite on a macOS machine with a discrete GPU the GPU is activated which reduces the battery life of the device. Does Burp Suite specifically require access to the GPU? I suspect this is most likely related to Java rather than Burp Suite itself as there is a bug report for it https://bugs.openjdk.java.net/browse/JDK-8041900 [main report] https://bugs.openjdk.java.net/browse...

    1 Agent Answer    0 Community Answer
    Jun 08, 2017 07:11AM UTC
  • https:// sites not loading

    Https sites are not loading when interception on.CA certificates are already instslled.i recently updated burp to 1.7 version but no luck.but i can still acess to http://burp ..im using java version 1.8 on my kali linux pc .plz hlp... Any solution...

    1 Agent Answer    0 Community Answer
    Jun 02, 2017 10:09AM UTC
  • Save State Bug Report

    I was trying to save the state of a project and received this error. burp.rmc at burp.d7g.a(Unknown Source) at burp.ung.a(Unknown Source) at burp.wng.a(Unknown Source) at burp.p2d.a(Unknown Source) at burp.p2d.next(Unknown Source) at burp.scf.a(Unknown Source) at burp.hxh.a(Unknown Source) at burp.nae.a(Unknown Source) at burp.jyb.a(Unknown Source) at burp.eof.a(Unknown So...

    1 Agent Answer    0 Community Answer
    Jun 01, 2017 07:58PM UTC
  • Strict transport security not enforced without request/response

    The Strict transport security not enforced issues do not show a request/response. This does not make any sense, there was at least one response that had no HSTS header for Burp to show that issue, so it makes sense to report which response cause that. Actually you could report that for all the responses that lack the header, similar to what is done to other issues.

    1 Agent Answer    0 Community Answer
    May 31, 2017 12:55PM UTC
  • security testing

    Hi Team, Can you please tell me how to test URL for finding issues like iframe , cross scripting, SSL, cookie vulnerability, HTTPonly & secure. Thanks

    1 Agent Answer    0 Community Answer
    May 29, 2017 10:33AM UTC
  • BUG

    CO2 DOWNLAD AND EROR BrupSuite

    1 Agent Answer    0 Community Answer
    May 29, 2017 09:19AM UTC