Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Temporary file disk usage and dedicated temp file drives

    Burp Suite's temporary files can rapidly consume disk space when Intercept is off and traffic is high. This is true even when the resource-conserving option "Don't send items to Proxy history or other Burp tools" is enabled and those temporary files have no HTTP History or Site Map entries associated with them. This can create a need to have a dedicated drive for Burp Suite...

    3 Agent Answers    2 Community Answers
    Jun 29, 2017 03:14AM UTC
  • CLI option "--help" doesn't work on Windows

    Hello, on Windows x64 + Oracle v1.8.0_112 (from installation bundle), the "BurpSuitePro.exe" binary doesn't print the Help menu when called with "--help" (it just stops after a few seconds). However, other options like "--config-file" and "--user-config-file" work. Under Linux, everything is OK. Regards, Nicolas

    1 Agent Answer    2 Community Answers
    Jun 28, 2017 02:54PM UTC
  • removeParameter API outputs incorrect request when removing the last Cookie

    There is an API to remove a parameter from a given request in IExtensionHelpers interface (https://portswigger.net/burp/extender/api/burp/IExtensionHelpers.html#removeParameter(byte[],%20burp.IParameter)). I use this API in a custom extension that performs request minimization (https://github.com/ngo/burp-request-minimizer/blob/master/minimizer.py). I often get a corner case when no cookies are ac...

    1 Agent Answer    0 Community Answer
    Jun 22, 2017 08:14PM UTC
  • Burp stops accepting keyboard input

    I am having an issue identical to this one: https://support.portswigger.net/customer/portal/questions/11672133-unable-to-type-anything-on-any-field . The same issue affects OS X 10.12.5 with Java 8 Update 131. This is the current Java version available via the download link provided by Portswigger's 'getting started' page at https://portswigger.net/burp/help/suite_gettingstarted...

    1 Agent Answer    0 Community Answer
    Jun 14, 2017 03:24PM UTC
  • Cross domain script inclusion is not very reliable

    The scanner plugin for cross domain script inclusion is not very reliable - it always shows not nearly all cross domain scripts that are included. For example, if there's a script block on a page that injects another script tag with a 3rd party src, the plugin doesn't detect it. It should be fairly simple to check all requests with a script content type response for the referrer, and ...

    1 Agent Answer    0 Community Answer
    Jun 14, 2017 01:54PM UTC
  • Bad view in win10 when zoom 150%

    I use 150% zoom (win10 config for screen) on my 13.3" laptop. And Burp Suite looks badly, all fuzzy.

    5 Agent Answers    5 Community Answers
    Jun 10, 2017 11:04PM UTC
  • Burp Suite requires discrete GPU on macOS

    When running Burp Suite on a macOS machine with a discrete GPU the GPU is activated which reduces the battery life of the device. Does Burp Suite specifically require access to the GPU? I suspect this is most likely related to Java rather than Burp Suite itself as there is a bug report for it https://bugs.openjdk.java.net/browse/JDK-8041900 [main report] https://bugs.openjdk.java.net/browse...

    1 Agent Answer    0 Community Answer
    Jun 08, 2017 07:11AM UTC
  • https:// sites not loading

    Https sites are not loading when interception on.CA certificates are already instslled.i recently updated burp to 1.7 version but no luck.but i can still acess to http://burp ..im using java version 1.8 on my kali linux pc .plz hlp... Any solution...

    1 Agent Answer    0 Community Answer
    Jun 02, 2017 10:09AM UTC
  • Save State Bug Report

    I was trying to save the state of a project and received this error. burp.rmc at burp.d7g.a(Unknown Source) at burp.ung.a(Unknown Source) at burp.wng.a(Unknown Source) at burp.p2d.a(Unknown Source) at burp.p2d.next(Unknown Source) at burp.scf.a(Unknown Source) at burp.hxh.a(Unknown Source) at burp.nae.a(Unknown Source) at burp.jyb.a(Unknown Source) at burp.eof.a(Unknown So...

    1 Agent Answer    0 Community Answer
    Jun 01, 2017 07:58PM UTC
  • Strict transport security not enforced without request/response

    The Strict transport security not enforced issues do not show a request/response. This does not make any sense, there was at least one response that had no HSTS header for Burp to show that issue, so it makes sense to report which response cause that. Actually you could report that for all the responses that lack the header, similar to what is done to other issues.

    1 Agent Answer    0 Community Answer
    May 31, 2017 12:55PM UTC