Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Repeater Content-Length is not recalculated when json content is modified

    Hi, Quite often in the repeater when you deal with a POST with a Content-Type: application/json;charset=utf-8, when you modify the json body the repeater doesn't recalculate the content-length header. If you add some characters after the json structure the repeater recalculâtes the content length, but if you modify the json structure the content-length is not recalculated. This is very ann...

    3 Agent Answers    3 Community Answers
    Dec 01, 2016 09:21AM UTC
  • Let's Encrypts certificates

    Burp appears to mark certs issued by Let's Encrypt as untrusted. Because of this, some plugins, like the relatively recent Dradis Framework plugin will fail.

    1 Agent Answer    3 Community Answers
    Nov 29, 2016 11:16AM UTC
  • Burp Suite SSL Certificate Error (peer not authenticated)

    Hi, We have encounter wired error while intercepting an application with SSL. 1480321180146 Repeater Auto-selected SSL parameters for domainstagxyz.domainxyz.com: default protocols, TLS_DH_anon_WITH_AES_256_GCM_SHA384 1480321180146 Repeater javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 1480321252531 Proxy javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated ...

    3 Agent Answers    2 Community Answers
    Nov 28, 2016 09:40AM UTC
  • handshake failure using strong cipher suites

    Description: Clients requesting (exclusively) strong cipher suites are unable to connect to Burp proxy. Burp always causes handshake failure. Software used: oracle jdk1.8.0_122, burp suite 1.7.06 How to reproduce: remove restrictions for strong cipher suites in java setup burp proxy to listen transparently on e.g. 127.0.0.1:9999 run openssl s_client -cipher 'ECDHE-RSA-AES256-SHA384...

    6 Agent Answers    9 Community Answers
    Nov 21, 2016 10:19AM UTC
  • In the active scan, sqli and judgment has a problem

    My English is not good. In the active scan, (and 1=1) and (and 1=2 ) The returned result is different but the scan Not detected There is a problem

    1 Agent Answer    0 Community Answer
    Nov 20, 2016 01:59AM UTC
  • Problem running burpsuite_free_linux_v1_7_10.sh on 32-bit Debian 8.6

    Hello! After downloading burpsuite_free_linux_v1_7_10.sh from the website, allowing execution (chmod +x), then running it (even with sudo) I get the following error message: Unpacking JRE ... Starting Installer ... /home/user/burp.sh.1645.dir/jre/bin/java: 1: /home/user/burp.sh.1645.dir/jre/bin/java: Syntax error: end of file unexpected (expecting ")") Any advice?

    2 Agent Answers    1 Community Answer
    Nov 16, 2016 02:29AM UTC
  • Burp Project looses data

    So this problem can cause loss of data in already saved project? Because is what happened to me unfortunately. Also, you know on which OS this problem can occur?

    2 Agent Answers    1 Community Answer
    Nov 15, 2016 05:21PM UTC
  • Downloading updates via the BURP scanner tool

    To Whom this May Concern, I am attempting to download newer versions of the tool via the update prompt that comes up in the tool. When I click to download the installer it appears to be downloading and gets to 100%. After that the screen stays at 100% without actually downloading the update. I have attempted this via versions 1.7.07 and 1.7.06. Is this an issue? Is there anyone else...

    1 Agent Answer    2 Community Answers
    Nov 15, 2016 03:10PM UTC
  • Burp Project looses data

    I used burp 1.7.10 for a whole day without problems. I created a new project and at the end of the day i just closed burp without any errors or problems. The 2nd day i opened the same project and everything was fine, no errors or anything strange and every request from the previous day was there. I just continued my PT as normal. After 4-5 hours (in the morning everything worked fine and as far as...

    1 Agent Answer    0 Community Answer
    Nov 14, 2016 09:12AM UTC
  • Burp Active Scanner failed to detect certain XSS in JSON requests

    Burp Active Scanner is unable to detect certain kinds of JSON parameter which are vulnerable to XSS Please refer to the below screenshot: https://dl.dropboxusercontent.com/u/9636822/jsonxss.png During manual penetration testing, the parameter “isNeedCheckSpecialCountryConsents” is vulnerable to XSS as shown in the screenshot. However, Burp Active Scanner is unable to detect this vulnerabi...

    1 Agent Answer    1 Community Answer
    Nov 14, 2016 07:34AM UTC