Getting Started with Burp Suite
Burp Suite Documentation
Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.
| Full Documentation Contents | Burp Projects |
| Suite Functions | Burp Tools |
| Options | Using Burp Suite |
Burp Extender
Burp Extender lets you extend the functionality of Burp Suite in numerous ways.
Extensions can be written in Java, Python or Ruby.
| API documentation | Writing your first Burp Suite extension |
| Sample extensions | View community discussions about Extensibility |
Bug Reports
Report a bug
-
1.7.17
This bug just started this morning with 1.7.17..... Temporary project -> load from configuration file-> Start Burp Loads 2 tabs for every extension.
2 Agent Answers 3 Community AnswersFeb 02, 2017 04:04PM UTC -
V1.7.17 and v1.7.16 Issues in Target Tab
When you run active scan and look at the scan queue, 2 issues found and I come back to the target tab and click on the target and don't see any issues listed in the issues box. In the previous versions this wasn't a problem. A bug probably? Thanks! Iswarya
1 Agent Answer 0 Community AnswerFeb 01, 2017 08:09PM UTC -
Restoring a saved state
Hey, I was trying to restore a saved state and I keep recieving the same message. The state was stored in 1.7.14 and restored in 1.7.16 burp.f6c at burp.g1g.a(Unknown Source) at burp.g1g.a(Unknown Source) at burp.une.a(Unknown Source) at burp.l4f.g(Unknown Source) at burp.uxc.a(Unknown Source) at burp.a3b.a(Unknown Source) at burp.a3b.a(Unknown Source) at burp.z2b.a(Unknown...
1 Agent Answer 0 Community AnswerFeb 01, 2017 04:21AM UTC -
Scanner errors, but logs show no errors
Running Burp Pro 1.7.16. I'm attempting to do an active scan against selected values in a PUT request. Here is an example of the data. {"notes":"Test","userN":"pentest"} I've marked "Test" and "pentest" in Intruder ({"notes":"§Test§","userN":"§pentest§"}) and sent it to Active scan....
1 Agent Answer 0 Community AnswerJan 31, 2017 11:12PM UTC -
ca certificate
I am attempting to install the CA Cert for Firefox via the link found here: https://support.portswigger.net/customer/portal/articles/1783087-Installing_Installing%20CA%20Certificate%20-%20FF.html Which is: http://burp/ This redirects me to a text site not related to burp. Where do I find the certificate, and more importantly, can that link be fixed?
1 Agent Answer 1 Community AnswerJan 31, 2017 04:41PM UTC -
Burp Proxy fails to load the page if browsed to a website with specific port # mentioned
I tried to connect to a web server with specific port number (ex., http://199.63.23.23:12030). Burp proxy failed to load and says "unable to connect". Where with same proxy configuration able to connect to same & other servers. pls help.
2 Agent Answers 1 Community AnswerJan 31, 2017 10:46AM UTC -
'SSL Pass Through' traffic is incorrectly forwarded through an upstream proxy
When the SSL Pass Through function is used in combination with an upstream proxy server proxy, the proxy is used incorrectly, causing the proxy to deny TLS connections that are passed through. Expected behaviour would be that Burp performs a CONNECT request to the proxy server, providing it with the target host; after receiving a 200 response, it can proceed forwarding the TLS messages to the p...
3 Agent Answers 3 Community AnswersJan 30, 2017 12:09PM UTC -
Text highlighted ... in black
Suddenly today, when I click in any Burp window that shows text, the text gets "highlighted" in black. And it's black text. So I can't see anything. If I open a different tool in Burp, and then come back, the view is restored, but only until I click in it. Then it goes black again. Screenshot from fresh Burp Project where I only browsed to Portswigger: https://postimg.org/...
3 Agent Answers 3 Community AnswersJan 27, 2017 03:31PM UTC -
Line Feed not showing in response window
Recently we tested a website for CRLF problems, when sending GET /%23%0dSet-Cookie:%20test=test%20HTTP/1.1 ... the Server answers with an redirect to Location: xxx/#%0dSet-Cookie:... Burps Response Window is hiding the %0d (Line Feed). The 0d is visible in the Hex View. That way the tester thinks the server is not vulnerable, but it is (at least for some browsers). Tested on Debian SID (OpenJDK...
1 Agent Answer 1 Community AnswerJan 26, 2017 10:18AM UTC -
History logging disabled warning disappears after reload
In Proxy > Options > Miscellaneous when you check Disable logging to history and site map, a nice warning appears on the top of the Proxy History window saying "History logging disabled". However if you close Burp, reopen the same project, the setting is kept (as it should be), but the warning is gone, so even though requests are not logged in the Proxy History window, there's...
2 Agent Answers 0 Community AnswerJan 25, 2017 10:00AM UTC
