Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Burp Collaborator : Documentation typo

    In the tutorial for Burp Collaborator, the command to convert certificate from PEM to PKCS8 has a typo. https://portswigger.net/burp/help/collaborator_deploying.html#ssl ``` openssl pkcs8 -topk8 -inform PEM -in keys/burpcollaborator.example.com.key -outform PEM -out keys/burpcollaborator.example.com.key.pkcs8 -nocrypt ``` It should contain: -outform PKCS8

    1 Community Answer
    Mar 07, 2017 12:09AM UTC
  • Extension with JRuby (bug?)

    Hi, I downloaded the new release 1.7.19 that fixes a bug that was introduced in 1.7.18 that prevented Python and Ruby extensions from loading in Windows. But, I think there is still a problem, for example I take an error message when I want to install/reinstall/update the extension that requires 'JRuby' (for ex: dradis, faraday) and the tool shut down. Best regards.

    1 Agent Answer    0 Community Answer
    Mar 02, 2017 07:49AM UTC
  • Possible Path encoding error leading to loading failure of extentions

    When loading a stock extension (In this case, autorize), I encountered this error after updating this morning to the latest version. Version: 1.7.18 OS: Win10 Error: Traceback (most recent call last): File "<string>", line 1, in <module> OSError: (22, 'Invalid argument', 'C:\\Users\\[MYWINDOWSUSERNAME]\\AppData\\Roaming\\BurpSuite\x08apps\x0c9bb...

    1 Agent Answer    1 Community Answer
    Feb 28, 2017 10:09PM UTC
  • CONNECT request for plaintext resource fails

    Hi, While testing Metasploit modules during module development, I will often try to pass the HTTP requests Metasploit is making through burp. However, when Metasploit is interacting with a plaintext resource (no SSL), then proxying through burp doesn't work. Only proxying data through burpsuite to an SSL-enable port will allow me to successfully proxy the data. I have determined that th...

    1 Agent Answer    1 Community Answer
    Feb 28, 2017 04:41PM UTC
  • Burp Scanner doesn't use cookie from session handling rule (makro)

    So because I need some testcases for my new burp plugin I tried scanning the Hackerone bug bounty program of lyst.com https://hackerone.com/lyst . I found a potential bug in Burp's Makro/Session handling. The Makro is not always using the latest cookie that came back in a Set-Cookie header response. My setup: - Burp pro burpsuite_pro_v1.7.17.jar - Disable all scanner checks in "Ac...

    2 Agent Answers    4 Community Answers
    Feb 24, 2017 10:19AM UTC
  • Burp does not set SNI on the outgoing connection to an SSL enabled web server

    Hi there, We run into the following situation the other day: We were testing an SSL enabled application and kept getting connection resets when accessing it via intercepting Burp and correct connections and interactions when accessing it outside a proxy. Some trial error and troubleshooting later it was identified that the server was expecting an SNI to be set. This was validated by us...

    5 Agent Answers    6 Community Answers
    Feb 23, 2017 12:03PM UTC
  • Burp v1.7.17 Pro appears to be dropping HTTPs requests

    Hi everyone. I am having some issues with Burp Suite v1.7.17 Pro. I can load HTTP sites fine and intercept them with the Burp Proxy, but I am unable to load ANY HTTPs sites, the browser just continues to load waiting. I have installed the Burp CA cert as per the instructions. I have tried in Chrome, Firefox and Curl from the commandline to get this working but no luck. I have reset Burp back...

    7 Agent Answers    8 Community Answers
    Feb 20, 2017 01:40AM UTC
  • Firefox Developer Tools shows 200 instead of 302 when using Burp as a proxy

    Not sure why but for some 302 response if I'm using Burp as a proxy on Firefox from Burp Proxy History or Interception I can see the 302 but on Firefox Developer Tools shows me 200. Removing Burp as a proxy from Firefox I can see the same response as 302 on Firefox Developer Tools as supposed to be. On Chrome also using Burp as a proxy the same response I can see as a 302 on Burp and Chrome...

    2 Agent Answers    1 Community Answer
    Feb 16, 2017 05:47PM UTC
  • Bug in Search Windows using openJDK

    Hello dear portswigger team, I have an issue using the Engagement Tools -> Search options. Some times after entering the search word a suggestion window will be created as separate jwindow objects (grey box and white box with digit 1 on the screenshot) and will not be killed after the search windows is closed. That means that these additional windows are still open and running after closing ...

    2 Agent Answers    0 Community Answer
    Feb 16, 2017 12:18AM UTC
  • Burp cant handle same-name cookies set to different paths

    Just chiming in to add another vote for fixing cookie jar handling for cookies with the same name but differing paths. In my case, two different sessionId cookies at root (/) and one at a subdirectory (/service/). Both are necessary for the call. Repeater seems to be adding the first one it encounters in the cookie jar. http://forum.portswigger.net/thread/1110/burp-handle-cookies-different-path...

    2 Agent Answers    1 Community Answer
    Feb 03, 2017 04:18AM UTC