Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Invalid cert warnings with Chrome 64 on Ubuntu 16.04.03 with Burp version 1.7.32

    I regenerated the Burp certificate, extracted it (cacert.der) from the above-mentioned chrome using "http://burp/cert", copied the cert to /usr/share/ca-certificates/extra, used openssl to translate the DER form to PEM form to file cacert.crt. Then ran dpkg-reconfigure ca-certificates to import the new certificate. When bringing up a secure site in the browser through the command lin...

    2 Agent Answers    2 Community Answers
    Feb 20, 2018 07:49PM UTC
  • Session Validity Check

    Hello, I have a couple of cases where I need two session handling rules: 1. One for logging in after deauth/logout 2. One for checking for 500 responses and reacting with a POST When I fire the request (causing logout) and check the tracer, it detects the invalid session and executes the login macro, so all fine. When I fire the request (causing 500) and check the tracer, it runs the fir...

    1 Agent Answer    1 Community Answer
    Feb 20, 2018 11:26AM UTC
  • unreliable spelling of Authorization: Bearer in requests leaving the BURP proxy

    My attempts to proxy a couple of requests to a test salesforce instance (get auth token from test.salesforce.com, post an action to csXX.salesforce.com with "Authorization: Bearer TOKEN") got "401 Authorization denied". I temporarily changed my shell script to execute the POST request unencrypted to catch the contents of the request leaving the BURP proxy using Wireshark/NPCap...

    2 Agent Answers    1 Community Answer
    Feb 20, 2018 02:10AM UTC
  • Burp Collaborator WAF triggering/not obeying options

    Hey, I am currently using Burp to run an assessment on a website. They use Incapsula as a WAF, which is being triggered very frequently. At first I thought it might be related to spidering too fast, but I modified the spider to go extremely slow which didn't help. I then tried browsing the site without proxying through Burp and everything worked as expected. I tried to disable collab...

    1 Agent Answer    1 Community Answer
    Feb 11, 2018 12:52AM UTC
  • Received Fatal Alert: Handshake_Failure

    Hi, I am a Burp pro user. My Burp pro throws an error in web screen and Alert tab in the burp like the subject: Received Falat Alert: Handshake_Failure. Firstly, I need to tell you that I took the certificate from http://burp page, then I imported it into my web browser properly. Then I restarted my web browser and Burp Pro. But when I tried to access a specific web site which uses https protoc...

    1 Agent Answer    1 Community Answer
    Feb 08, 2018 01:45PM UTC
  • PortSwigger Certificate invalid

    (I'm using macOS High Sierra 10.13.3 and Burp Suite Community Edition v1.7.32) I've followed the instructions to install the Burp Certificate (https://support.portswigger.net/customer/portal/articles/1783085-Installing_Installing%20CA%20Certificate%20-%20Chrome.html) but I still get a security error when I try to visit any URL with both chrome and safari and it won't let me bypass ...

    1 Agent Answer    0 Community Answer
    Feb 04, 2018 09:34AM UTC
  • IParameter Flags

    The flag fields in IParameter are set to default visibility. I'm guessing they are intended to be public.

    1 Agent Answer    0 Community Answer
    Feb 02, 2018 09:30PM UTC
  • Burp Overlay Menus no longer Working on Fedora 26

    Hi, with Burp version 1.7.31 the overlay menus (like the proxy filter menu) are instantly closing as soon as one clicks on it. It is confirmed working with Burp version 1.7.27. Oracle java version: 1.8.0_162-b12 run command: java -Dawt.useSystemAAFontSettings=on -Dsun.java2d.d3d=false -Dsun.java2d.xrender=false -jar best regards, norman

    4 Agent Answers    4 Community Answers
    Jan 31, 2018 11:09AM UTC
  • Burp Infiltrator and WebGoat JAR

    Hi there, I downloaded the latest WebGoat release here: https://github.com/WebGoat/WebGoat/releases I tried running Burp Infiltrator in the same folder (eg. /tmp/webgoat/) After trying to run WebGoat JAR file, I get those errors: ```bash java -jar webgoat-server-8.0.0.M9.jar Exception in thread "main" java.lang.IllegalStateException: Failed to get nested archive for entry ...

    1 Agent Answer    0 Community Answer
    Jan 27, 2018 01:40PM UTC
  • Scanner Issue Activity import project

    When importing a project the scanner issue activity remained empty, no issues were imported. However, when opening the same project normally (during start up of Burp), all of the issues populated the scanner issue activity. Thanks, Paul

    2 Agent Answers    1 Community Answer
    Jan 23, 2018 12:05AM UTC