Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

Feature Requests

Burp Extensions

Bug Reports

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

Bug Reports

  • Burp API - IContextMenuInvocation - Modified request/response access/hinting

    In the Burp Extender API, when retrieving the selected messages from the proxy history, I don't see any way to know if the selection occurs in a modified response/request panel or the original one. IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST and IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_RESPONSE are the only indicators available. Additionally the IHttpRequestResponse object does...

    3 Agent Answers    2 Community Answers
    Oct 10, 2017 03:38PM UTC
  • Compare site map feature freezes during comparison

    Compare site map feature gets stuck when performing the comparison. This has happened to me almost every time I use the feature against a comprehensive sitemap. I've noticed that specific sitemap entries will trigger this error. To circumvent the issue, I have to pinpoint which sitemap entry is causing the issue by performing the comparison against a small portion of the sitemap until it fr...

    1 Agent Answer    0 Community Answer
    Oct 05, 2017 07:18PM UTC
  • Is external service interaction vulnerability exploitable?

    Hello, in most of the scans, Burp reports an External Service Interaction vulnerability, either in HTTP/S or DNS. I am not sure how this can be exploited on the server side. I see some similarities to SSRF, but could not find any way to exploit it. Can someone please share some additional information on this?

    1 Agent Answer    0 Community Answer
    Oct 04, 2017 01:51PM UTC
  • Intruder payload bug - square symbols between every character

    Every Intruder attack includes square blocks between every character of the payload. This happened sometimes, but now it's an important case, so I have to figure out why this happens. Here is a pic:

    2 Agent Answers    2 Community Answers
    Oct 04, 2017 09:43AM UTC
  • Intercept Client Requests rules don't affect Redirect proxy requests

    In the case of a Redirect proxy configuration (Proxy-Options-Edit-Request Handling-Redirect host/port), all the requests will be redirected to that host even if a few interception rules were applied. I expect that all the interception rules will be applied to the redirected requests to avoid redirecting all the out-of-scope requests.

    1 Agent Answer    0 Community Answer
    Sep 29, 2017 07:41PM UTC
  • Session management & redirection & Active scan

    I have a platform which redirects the user to the /login page via the Location header when you are trying to access anything which requires authentication. I have session management set up, with session handling rules to look for an expression in locations "HTTP headers", "Response body", as well as URL of redirection target with regexp "location: https:\/\/someTestedDomain\.test\/login&...

    2 Agent Answers    2 Community Answers
    Sep 25, 2017 11:18AM UTC
  • Bug in Scanner Issue Activity

    In my current project the greatest ID is 2634. At some point Burp decided to continue the counting from around 1000 and I don't know whether it overwrites my existing vulnerabilities. This behavior has been noticed only on version 1.7.27.

    4 Agent Answers    3 Community Answers
    Sep 11, 2017 07:24PM UTC
  • Scanner gets stuck when pausing

    Hello, many times I see that the scanner doesn't send any more requests and then I pause it. However, the message "waiting for pause" never disappears and the scanner is only usable again when I close Burp and restart it.

    5 Agent Answers    4 Community Answers
    Sep 11, 2017 02:26PM UTC
  • External service interaction (DNS) false positives

    Hello, in the new versions of Burp I am getting a huge amount of false positives for this vulnerability. In all my last pentests, Burp puts the payload in the HTTP request line, my machine tries to resolve this domain and finally all the instances of these DNS requests are coming from my machine. Am I doing something wrong?

    3 Agent Answers    2 Community Answers
    Sep 11, 2017 02:19PM UTC
  • Burp crash

    Hello, after upgrading to version 1.7.27, in the Target->Issues tab, when I have expanded a branch of vulnerabilities and then right-click on the main title of the vulnerability and choose all of them to become false positives, then Burp freezes. I have tried many things to unfreeze it with no luck.

    2 Agent Answers    1 Community Answer
    Sep 07, 2017 11:14AM UTC