Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Burp crashes, asking for license key on relaunch

    Hi there! I've encountered something pretty odd today twice. I'm running the 64-bit Windows version of Burp Suite Pro (1.7.27) and the application just crashes. Upon relaunching, I'm prompted to enter my license key. I'm not sure what's causing the crash, but I'm more concerned about having to enter my license key as I don't want to take up our activations (if...

    1 Agent Answer    11 Community Answers
    Nov 15, 2017 09:11PM UTC
  • burp proxy seems extremely slow since updating to macOS high Sierra

    Hi - is there any update coming out to burp professional to fix this? I am having major issues with my proxy speed since updating. Thanks

    5 Agent Answers    7 Community Answers
    Nov 14, 2017 02:37PM UTC
  • '--project-file' Pauses Scanner

    I made a post a week ago (here: about automatically saving the project file. I was told about the --project-file parameter, which I have tried to use but looks like it has a bug. When you start BURP with --project-file, it correctly creates the project file in the right location, but it seems to ...

    1 Agent Answer    1 Community Answer
    Nov 09, 2017 09:13AM UTC
  • Clickbandit broken in latest Chrome?

    Hi, Clickbandit appears to be broken in Chrome 62, and if I'm understanding the issue correctly, it's been broken since Chrome 60 due to this change: The symptoms are that when you click "finish" after clicking around the target site, nothing appears to happen, and an error in the console is reported...

    1 Agent Answer    0 Community Answer
    Nov 03, 2017 01:57AM UTC
  • Drop down menu bug

    In some cases, when burp presents a drop down menu with previous used values (for example when filling in the Fixed time trottle in the options of intruder), the white "block" which is an empty drop down menu does not dissapear after filling in or clicking somewhere else. This white blocks stay in front of the screen until you quit burp, which is really annoying if you have to read the v...

    2 Agent Answers    1 Community Answer
    Nov 02, 2017 03:05PM UTC
  • Burp Suit and genymotion not rendering https traffic correct.

    I am trying to intercept Chrome https traffic in Genymotion. I have installed the certificate in android and I am not using an external proxy. Wifi connection on Genymotion is set to (localhost) and port 8080 which is the listener settings in Genymotion. I have followed all instructions in the documentation. I get connection to Burp Suit but the site that is requested is not di...

    1 Agent Answer    0 Community Answer
    Nov 01, 2017 05:28PM UTC
  • Header lines with improper terminators manipulated by Burp in strange ways

    I'm currently testing an embedded device with a cgi-script that terminates header lines with only '\n', and '\n\n' at the end of all headers. While not RFC-compliant, browsers seem to handle this just fine. However, when it goes through Burp, the '\n\n' is replaced with '\n\r\n\r\n', which the browser interprets as *3* newlines, causing an extra newli...

    1 Agent Answer    0 Community Answer
    Oct 29, 2017 12:54AM UTC
  • Scanner misses vulnerabilitites due to improper application demarcation

    Hello, Consider this scenario: Application A https://hostname/ (out of scope) Application B https://hostname/appB/ (in scope) If we choose to scan application B, then the scanner checks only application A for server level issues. So we miss the application's B vulnerabilities and at same time we touch another app that we shouldn't. Note: Target->File field is set to ^/appB/.*...

    3 Agent Answers    2 Community Answers
    Oct 28, 2017 01:59PM UTC
  • unknown host error

    please tell solution . when i browse and intercept and request is forward then error show is unknown host

    1 Agent Answer    1 Community Answer
    Oct 21, 2017 04:58AM UTC
  • UTF-8 search not working

    When I'm in Repeater, and copy string containing UTF-8 characters (like word "käytettävissä") from the response, it is not found (in the same response). Could you enhance search to cover UTF-8 characters as well?

    1 Agent Answer    0 Community Answer
    Oct 16, 2017 06:49AM UTC