Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • request in browser feature missing proxy port

    Since the port is missing a copy and paste will not work without the user modifying the link. Perhaps this is intentional (I realize there could be more than one proxy listener on different ports). If there is multiple proxy listeners it would suffice to simply list all links with different ports, otherwise if only one listener, default to including the port?

    1 Agent Answer    0 Community Answer
    Dec 09, 2015 11:47PM UTC
  • Decoder hash buttons broken?

    Are the decoder Hash buttons working? text would put of MD5 hash of 'Foobar' shows as '‰Õs›ª»¾e¾5Ëæˆàm' instead of '89D5739BAABBBE65BE35CBE61C88E06D'. I'm on Burp v1.6.31

    1 Agent Answer    0 Community Answer
    Dec 09, 2015 11:05PM UTC
  • Scrolling button dissapears

    The last few versions of Burp Pro (apologies I cannot recall which version I firstly identified this) suffer from a quite annoying bug. The scroll button in most of the windows/features that requires this, disappears soon after the window fills up with the intended data. If not mistaken in the last version (1.6.31) you are able to re-size the window and eventually the scroll bar re-appears but...

    2 Agent Answers    2 Community Answers
    Dec 08, 2015 10:37AM UTC
  • CTRL+C, CTRL+* Does not work in Burpsuite

    Hey Guys, Me and a few guys in work are all experiencing this same issue with Burpsuite. In the Proxy/Repeater panes, any short cuts that require CTRL do not work. However, CTRL+X,C and V all continue to work in search boxes and the Decoder Pane. This is pretty frustrating. Using Burpsuite_pro_v1.6.31 on Windows 7 64-bit with Java v1.7.0_80

    1 Agent Answer    1 Community Answer
    Dec 07, 2015 09:22AM UTC
  • Character corruption in repeater

    Whenever i am using the burp repeater, the response display in raw is garbled/corrupted characters, showing mixes of unrecognizable characters (white boxes etc). This does not happen on any other parts, just on the repeater. i tried changing the display settings, character sets, but still the problem exist. Also tried using latest and previous versions of burp, and updaating java/jre. This happens...

    1 Agent Answer    1 Community Answer
    Dec 04, 2015 04:52PM UTC
  • Mystery URL tested as HTTP response header injection error

    After upgrading to version 1.6.30, found 4 critical errors. After debugging the issue seems like to tool is arbitrarily has a bug. See below for more details. Severe error category: HTTP response header injection. Basically the test case is trying to introduce a newline char in the URL and try to see if that can introduce anything on response header. Unfortunately I have 4 URL's for wh...

    1 Agent Answer    0 Community Answer
    Nov 23, 2015 11:55PM UTC
  • Remote host drops connection unless SSL passthrough is used?

    This is a weird one. I'm working on an assessment over a VPN connection (:/) and am able to interact with the site directly from any browser at my disposal. I can also interact with the site if I'm proxying through Burp *and* have SSL passthrough selected for that host. However, if I disable pass-through for that host and access the site via burp, OR simply attempt to connect to the...

    1 Agent Answer    0 Community Answer
    Nov 18, 2015 03:55PM UTC
  • Open Redirection.

    Even though you have shown complete disregard for my feature requests, and tell me to "write my own" (we're not all coders, ya know? And I'm not requesting dumb $h!t like a button), I'm surprised you missed such a simple, glaring vulnerability .... especially since under "Scanner", IT'S ONE OF THE THINGS FOR WHICH YOU TEST. Your competitor didn't miss ...

    1 Agent Answer    0 Community Answer
    Nov 14, 2015 12:49PM UTC
  • Scanner issue 0x00000000

    Hello, Since v1.6.30 an issue with 0x00000000 index has been added which contains OS command injection description. I guess that's a mistake. Davy

    1 Agent Answer    0 Community Answer
    Nov 12, 2015 01:08PM UTC
  • Self-signed certificate with CN=PortSwigger in invisible mode

    Hi, When I'm using an proxy listener with "invisible proxying support" in "Per-host" certificate mode. I get a wrong self-certificate with CN=PortSwigger. It works as expected if I use a browser like firefox or curl: curl --insecure --verbose ... * Server certificate: * subject: C=PortSwigger; O=PortSwigger; OU=PortSwigger CA;

    2 Agent Answers    1 Community Answer
    Nov 09, 2015 06:09PM UTC