Getting Started with Burp Suite
Burp Suite Documentation
Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.
| Full Documentation Contents | Burp Projects |
| Suite Functions | Burp Tools |
| Options | Using Burp Suite |
Burp Extender
Burp Extender lets you extend the functionality of Burp Suite in numerous ways.
Extensions can be written in Java, Python or Ruby.
| API documentation | Writing your first Burp Suite extension |
| Sample extensions | View community discussions about Extensibility |
Bug Reports
Report a bug
-
unreliable spelling of Authorization: Bearer in requests leaving the BURP proxy
My attempts to proxy a couple of requests to a test salesforce instance (get auth token from test.salesforce.com, post an action to csXX.salesforce.com with "Authorization: Bearer TOKEN") got "401 Authorization denied". I temporarily changed my shell script to execute the POST request unencrypted to catch the contents of the request leaving the BURP proxy using Wireshark/NPCap...
2 Agent Answers 1 Community AnswerFeb 20, 2018 02:10AM UTC -
Burp Collaborator WAF triggering/not obeying options
Hey, I am currently using Burp to run an assessment on a website. They use Incapsula as a WAF, which is being triggered very frequently. At first I thought it might be related to spidering too fast, but I modified the spider to go extremely slow which didn't help. I then tried browsing the site without proxying through Burp and everything worked as expected. I tried to disable collab...
1 Agent Answer 1 Community AnswerFeb 11, 2018 12:52AM UTC -
Received Fatal Alert: Handshake_Failure
Hi, I am a Burp pro user. My Burp pro throws an error in web screen and Alert tab in the burp like the subject: Received Falat Alert: Handshake_Failure. Firstly, I need to tell you that I took the certificate from http://burp page, then I imported it into my web browser properly. Then I restarted my web browser and Burp Pro. But when I tried to access a specific web site which uses https protoc...
1 Agent Answer 1 Community AnswerFeb 08, 2018 01:45PM UTC -
PortSwigger Certificate invalid
(I'm using macOS High Sierra 10.13.3 and Burp Suite Community Edition v1.7.32) I've followed the instructions to install the Burp Certificate (https://support.portswigger.net/customer/portal/articles/1783085-Installing_Installing%20CA%20Certificate%20-%20Chrome.html) but I still get a security error when I try to visit any URL with both chrome and safari and it won't let me bypass ...
1 Agent Answer 0 Community AnswerFeb 04, 2018 09:34AM UTC -
IParameter Flags
The flag fields in IParameter are set to default visibility. I'm guessing they are intended to be public.
1 Agent Answer 0 Community AnswerFeb 02, 2018 09:30PM UTC -
Burp Overlay Menus no longer Working on Fedora 26
Hi, with Burp version 1.7.31 the overlay menus (like the proxy filter menu) are instantly closing as soon as one clicks on it. It is confirmed working with Burp version 1.7.27. Oracle java version: 1.8.0_162-b12 run command: java -Dawt.useSystemAAFontSettings=on -Dsun.java2d.d3d=false -Dsun.java2d.xrender=false -jar best regards, norman
8 Agent Answers 9 Community AnswersJan 31, 2018 11:09AM UTC -
Burp Infiltrator and WebGoat JAR
Hi there, I downloaded the latest WebGoat release here: https://github.com/WebGoat/WebGoat/releases I tried running Burp Infiltrator in the same folder (eg. /tmp/webgoat/) After trying to run WebGoat JAR file, I get those errors: ```bash java -jar webgoat-server-8.0.0.M9.jar Exception in thread "main" java.lang.IllegalStateException: Failed to get nested archive for entry ...
1 Agent Answer 0 Community AnswerJan 27, 2018 01:40PM UTC -
Scanner Issue Activity import project
When importing a project the scanner issue activity remained empty, no issues were imported. However, when opening the same project normally (during start up of Burp), all of the issues populated the scanner issue activity. Thanks, Paul
2 Agent Answers 1 Community AnswerJan 23, 2018 12:05AM UTC -
Burp import project
Thanks for the new "Burp import project" feature. Burp requires that you have a disk-based project to be able to import projects after opening Burp. So if you have a temporary project then you cannot import. When you save the temporary project, it then becomes a disk based project, but Burp will not let you import a project. There is a way around this, which is to close Burp, re-op...
1 Agent Answer 1 Community AnswerJan 22, 2018 11:52PM UTC -
Memory Leak
Hello, I upgraded Burp today to 1.7.31 on a Kali Linux virtual machine, it runs for about 20 minutes, eats all the RAM, and falls over, even on a very simple site with no scanning (other than passive, and no static code analysis on that). I am going to have to try and downgrade it as I'm in the middle of a job, so not a lot of detail in this post I'm afraid! I've tried seeing if the...
3 Agent Answers 3 Community AnswersJan 22, 2018 01:52PM UTC