Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • skip server-side injection not preventing requests

    Adding an entry to "Skip server-side injection..." in the Scanner Options does not prevent that (for instance) parameter from being actively tested, i.e. making requests with payloads on that parameter. I need to add the exclusion entry to the "Skip all tests for these parameters" option to ensure no payload is injected in that parameter, thus preventing any request with that ...

    3 Agent Answers    3 Community Answers
    Mar 22, 2018 02:55PM UTC
  • Automatic backup failed

    Get this message: https://i.imgur.com/XDPPoHl.png Burp Suite Professional 1.7.32. Not sure if there are any error logs I could look at anywhere?

    1 Agent Answer    0 Community Answer
    Mar 16, 2018 11:12AM UTC
  • Cookies not updated for proxy anymore

    Hello, Session handling rules/Rule Actions: Use cookies from the session handling cookie jar with Proxy set as the scope does not work anymore. It used to work in previous versions. It was one of most important feature and was used with tools w/o support for complicated session handling.

    2 Agent Answers    2 Community Answers
    Mar 15, 2018 02:02PM UTC
  • Proxy dont record some of the requets

    Hi, I use the proxy to capture the request i made to my api. Some of the requests are not captured by the proxy (mostly PUT and DELETE) any idea why?

    1 Agent Answer    0 Community Answer
    Mar 14, 2018 12:44PM UTC
  • Scanner do not resume

    Hello, During an active scan I canceled some items and paused the scan (or the opposite, I don't recall the exact sequence). The results was when I tried to resume the scan, the items I wanted to scan stayed in "waiting" state and indicators showed that 0 threads were available. Rebooting Burp fixed it. Note that I didn't try to increase the number of parallel requests (in c...

    1 Agent Answer    1 Community Answer
    Mar 13, 2018 07:59AM UTC
  • Duplicate entries for single project in disk project list

    I noticed this weird behavior when I named one like "thatProject" with a mix of upper and lower letters now it always show as duplicate entries in projects list like: "ThatProject" "/path/ThatProject.burp" "thatProject.burp" "/path/thatProject.burp" I cleaned and removed configurations and everything and whenever I type that name as a projec...

    4 Agent Answers    4 Community Answers
    Mar 12, 2018 09:19PM UTC
  • java.net.SocketException: Permission denied: connect

    I'm constantly seeing the error "java.net.SocketException: Permission denied: connect" in my Alerts tab for all the domains that I'm testing and I have no clue what's the root cause. Tried to google this error specific for Burp Suite Pro and also did some search here at Support Center but no lucky. It seems no one had this problem before. Could you please help me with so...

    2 Agent Answers    3 Community Answers
    Mar 08, 2018 08:06PM UTC
  • Cookies set to a blank value

    This issue occurs when running the scanner tool (I haven't tested on other tools), and if you have the setting to update the cookie jar from responses for the tool. If one of your responses contains an empty cookie (e.g. ASP.NET_SessionId=) then the cookie in the cookie jar is updated to be empty. I understand the site probably shouldn't be returning an empty cookie on response he...

    1 Agent Answer    0 Community Answer
    Mar 08, 2018 03:16PM UTC
  • SSL websocket connection on not standard port send to port 443

    I'm trying to intercept secure websocket traffic of an application with burp. I've set up an invisible proxy listener on port 8081 (the port of the websocket server). The websocket upgrade request is captured correctly by burp, but for some strange reason burp sends the request to port 443. Because there is a normal webserver running on this port, the webserver returns status 200 and...

    1 Agent Answer    0 Community Answer
    Feb 23, 2018 08:29AM UTC
  • Scope exclude requires include

    It seems that the In-Scope defining doesn't allow defining scope using only rules that exclude addresses. A way to circumvent this seems to be to make a single include rule for IP-address range 0.0.0.0/0.

    1 Agent Answer    0 Community Answer
    Feb 23, 2018 07:18AM UTC