Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Missing identification of SQL injection

    Dear Sir, we identified a missing identification of Blind SQL injection on some specific parameter. The SQL injection is presented on a single parameter of a POST request. Like par=pluto par=pluto -> result A par=pippo -> blank page par=pluta -> blank page par=pl'||(SELECT+CHR(117))||'to -> result A par=pl'||(SELECT+CHR(116))||'to -> blank page The D...

    1 Agent Answer    0 Community Answer
    Jun 09, 2015 11:00AM UTC
  • Burp Suite generates "weak ephemeral Diffie-Hellman key" error with Firefox Developer Edit...

    I've been using Burp Suite with Firefox Developer Edition, but as of today, I cannot make HTTPS connections when using Burp Suite as a proxy. I now get the following error message: An error occurred during a connection to www.yahoo.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) Unfortu...

    4 Agent Answers    10 Community Answers
    May 28, 2015 07:08PM UTC
  • Extensions loading multiple times when restoring state

    Whenever I restore a state file, it loads extensions multiple times. Burp 1.6.18, Java 8u45. Screenshot: https://imgur.com/sQ9EnMp

    2 Agent Answers    0 Community Answer
    May 19, 2015 05:19PM UTC
  • UI - custom shortcuts - not working in detached tabs

    Hi, when I set up custom keyboard shortcuts in Options:Misc:Hotkeys, they do not work in windows I detach using the Window:'Detach XY' submenu. Regards, igor

    1 Agent Answer    0 Community Answer
    May 18, 2015 05:27PM UTC
  • Possible bug in concrete class of IScanQueueItem

    Hi, I think I may have discovered a small bug with the concrete implementation of the IScanQueueItem returned by the doActiveScan methods. When I try to access a method, I get the following error: Exception in thread "JavaFX Application Thread" java.lang.IllegalAccessException: Class sun.reflect.misc.Trampoline can not access a member of class burp.a4g with modifiers "public&q...

    3 Agent Answers    6 Community Answers
    May 16, 2015 09:48PM UTC
  • Burp goes into headless mode with open jdk version 1.7.0_79

    Hi, Whenever I run Burp Suite on my system it prints following message and goes headless (no splash screen even). If i delete .java/.userPrefs/burp folder, then it even prints the license agreement on the screen. Proxy: Proxy service started on 127.0.0.1:8080 The exact java version is as below, java version "1.7.0_79" OpenJDK Runtime Environment (IcedTea 2.5.5) (7u79-2.5.5-0...

    1 Agent Answer    1 Community Answer
    May 16, 2015 07:16AM UTC
  • Bug in IRequestInfo.getUrl()

    Hello, There is a bug in IRequestInfo.getUrl() that is related to how the hostname is retrieved. Currently getUrl() uses the hostname specified in the target options instead of the Host header in the HTTP request. However, what if the user specified a different hostname with the same target? Plugins would not be able to correctly report the affected URL using the IRequestInfo.getUrl() method if...

    2 Agent Answers    1 Community Answer
    May 14, 2015 01:36AM UTC
  • Request never complete

    Using burp free with OSX 10.10 (also tried in a kali VM using OSX as the host os) I've set up burp now in several different browsers, trusting the SSL certs and all even using the plug-n-hack plugin on firefox to auto setup the configuration, but every time I visit a site it never loads, the requests are logged successfully in burp but we never actually receive the response, not in burp or...

    1 Agent Answer    0 Community Answer
    May 03, 2015 08:52AM UTC
  • Unable to type anything on any field

    Any field that requires me to type anything, does not accept any input. I am using OS X 10.10.2, with Java version 1.8.0_40, and Burp Suite is at v1.6.17. For example, when I go to options-Connections and check to do platform authentication when I choose add the new display opens up but I am not able to type anything. Regards, Michael

    1 Agent Answer    0 Community Answer
    Apr 29, 2015 04:11AM UTC
  • How do i get this fixed ?!

    I've downloaded webGoat which now runs on port 8080, and Burp is installed on port 8181 , i set up the browser connection proxy to 127.0.0.1:8181 burp proxy listener on 127.0.0.1:8181 and the target scope to localhost:8080 and set the upstream proxy servers to mu corporate proxy address i can open all webcites but not http://localhost:8080/WebGoat/welcome.mvc wich im aiming to interce...

    1 Agent Answer    1 Community Answer
    Apr 27, 2015 08:22AM UTC