Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • SEP quarantined gtc.class in 1.7.23.jar

    Symantec Endpoint Protection is performing a scan on my machine where I have Burp Suite Pro 1.7.23.jar and it has quarantined burp/gtc.class. What type of issues is this going to cause with the functionality of Burp?

    1 Agent Answer    0 Community Answer
    Jul 12, 2017 06:39PM UTC
  • CA CERT

    I'm installing the cert in IE and still unable to pull up HTTPS sites..

    1 Agent Answer    0 Community Answer
    Jul 11, 2017 06:35PM UTC
  • Incompatibility with AkamaiGHost

    I nearly opened a bug report a couple of months ago because I had this happening to me a few times for different web sites. However, as I didn't know the root cause I didn't report it at that time. If you got a lot of strange "Burp doesn't work!" support questions, this might be one explanation. I know this might be a problem of Akamai rather than Burp, but I want you t...

    1 Agent Answer    1 Community Answer
    Jul 05, 2017 03:30PM UTC
  • missing "Unencrypted communications"

    I perfectly understand the issue "Unencrypted communications" but I'm not sure how deterministic Burp is reporting this issue. What are the requirements for Burp to report this? I have done a lot of testing and the behaviour is not deterministic. I do an HTTP request in the browser and some sites get an Unencrypted communications issue, others don't. Are there any rules fo...

    3 Agent Answers    2 Community Answers
    Jul 02, 2017 06:33PM UTC
  • Burpsuite starts up then disapears

    On kali linux, when I open burp suite from the command line it opens and as soon as I click start burp suite disappears but is still running

    1 Agent Answer    0 Community Answer
    Jul 01, 2017 10:06AM UTC
  • Temporary file disk usage and dedicated temp file drives

    Burp Suite's temporary files can rapidly consume disk space when Intercept is off and traffic is high. This is true even when the resource-conserving option "Don't send items to Proxy history or other Burp tools" is enabled and those temporary files have no HTTP History or Site Map entries associated with them. This can create a need to have a dedicated drive for Burp Suite...

    3 Agent Answers    2 Community Answers
    Jun 29, 2017 03:14AM UTC
  • CLI option "--help" doesn't work on Windows

    Hello, on Windows x64 + Oracle v1.8.0_112 (from installation bundle), the "BurpSuitePro.exe" binary doesn't print the Help menu when called with "--help" (it just stops after a few seconds). However, other options like "--config-file" and "--user-config-file" work. Under Linux, everything is OK. Regards, Nicolas

    1 Agent Answer    2 Community Answers
    Jun 28, 2017 02:54PM UTC
  • removeParameter API outputs incorrect request when removing the last Cookie

    There is an API to remove a parameter from a given request in IExtensionHelpers interface (https://portswigger.net/burp/extender/api/burp/IExtensionHelpers.html#removeParameter(byte[],%20burp.IParameter)). I use this API in a custom extension that performs request minimization (https://github.com/ngo/burp-request-minimizer/blob/master/minimizer.py). I often get a corner case when no cookies are ac...

    1 Agent Answer    0 Community Answer
    Jun 22, 2017 08:14PM UTC
  • Burp stops accepting keyboard input

    I am having an issue identical to this one: https://support.portswigger.net/customer/portal/questions/11672133-unable-to-type-anything-on-any-field . The same issue affects OS X 10.12.5 with Java 8 Update 131. This is the current Java version available via the download link provided by Portswigger's 'getting started' page at https://portswigger.net/burp/help/suite_gettingstarted...

    1 Agent Answer    0 Community Answer
    Jun 14, 2017 03:24PM UTC
  • Cross domain script inclusion is not very reliable

    The scanner plugin for cross domain script inclusion is not very reliable - it always shows not nearly all cross domain scripts that are included. For example, if there's a script block on a page that injects another script tag with a 3rd party src, the plugin doesn't detect it. It should be fairly simple to check all requests with a script content type response for the referrer, and ...

    1 Agent Answer    0 Community Answer
    Jun 14, 2017 01:54PM UTC