Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Burp Mobile Assistant - empty Source repo on Cydia

    Hi Burp team, I am very grateful for the new Mobile Assistant feature. I downloaded it today (with Free Edition v1.7.21). I can get my jailbroken, ios 9.3.3 device to add my Cydia source: http://localhost:8080 but the package is always empty, after successfully adding the source. I am updated on Cydia Substrate (version 0.9.6301). Any ideas?

    1 Community Answer
    May 01, 2017 01:55PM UTC
  • Bug Report

    Burp Free Edition Are Not Support State Proxy Server So Please Solv It. Ethical Hacker

    1 Agent Answer    0 Community Answer
    Apr 29, 2017 07:35AM UTC
  • Error opening existing project

    When I try to open an existing project after a computer or burp crash, I get the following error message: "An error occurred when starting a project with the selected options. Failed to create Burp project: NullPointerException" I use Burp on OS X El Capitan.

    1 Agent Answer    0 Community Answer
    Apr 27, 2017 07:51AM UTC
  • Unable to load Burp Suite

    Hi, I have installed the Burp Suite Free Edition v1.0.21 using jar. It worked when installed. Now, when I'm trying to open it next time. It just doesn't load. Giving an error when I'm trying to open using Terminal : java.lang.UnsatisfiedLinkError: no splashscreen in java.library.path OS : Ubuntu 16.04 LTS Java : openjdk version "1.8.0_121" OpenJDK Runtime Environm...

    1 Agent Answer    0 Community Answer
    Apr 24, 2017 11:47AM UTC
  • Failed to create Burp project: NullPointerException (v1.7.21)

    C:\>java -jar burpsuite_pro_v1.7.21.jar --project-file="C:\TEMP\testasdf" Failed to create Burp project: NullPointerException Running fine with burpsuite_pro_v1.7.19.jar

    2 Agent Answers    2 Community Answers
    Apr 20, 2017 11:35PM UTC
  • Server Side Code Injection not detected without enabling SQL Injection scanning module

    Hello Team, While testing for python code injections, i observed that the burp suite pro 1.7.21 active scanner does not detect server side code injections without enabling the SQL Injection main module (sub-modules for type of payloads need not be enabled) active scanning area. Using the combination mentioned above, the scanner throws the payload 'eval(compile('for%20x%20in%20rang...

    1 Agent Answer    0 Community Answer
    Apr 19, 2017 01:54PM UTC
  • Burpsuite livelocks in splashscreen without error message

    In a fresh install of Kali Linux on a Raspberry Pi 2 Burpsuite will lock up on the Splashscreen. Steps to reproduce: 1. Flash Kali Linux to an SD-Card. 2. Install and boot. 3. Run the following commands: # apt update # apt full-upgrade # apt autoremove # apt install kali-linux-web # java -jar /usr/bin/burpsuite -Xmx1024m 4. Observe Failure Expected result: Burps...

    2 Agent Answers    1 Community Answer
    Apr 15, 2017 03:07PM UTC
  • "Load user options" problem

    Hi, I want to report a bug that I found on "Burp User Options" section. I have a specific configuration file and I import the file everytime I use Burp. My problem shows up on that importing part. When I import the configuration file, the extensions that i've already added are multiplied. Having the same extension tabs more than one is unnecessary. Can you help me? I share the re...

    3 Agent Answers    1 Community Answer
    Apr 06, 2017 11:22AM UTC
  • Certs invalid on Chrome 58 due to CN Deprecation

    TL;DR: Chrome 58 only looks at the SAN in a cert for validating hostnames and not the CN. Please add a SAN for the hostname when generating the cert. In 2000, RFC 2818 ( "deprecated" checking CN in favor of using SAN. 17 years later, browsers are actually doing so, with Chrome 58 and Firefox 48:

    1 Agent Answer    0 Community Answer
    Mar 22, 2017 04:23PM UTC
  • cookie without secure flag - different issues

    Can you explain the difference in these two issue which have both been flagged on the same site? Issue:  SSL cookie without secure flag set Severity:  Medium Confidence:  Firm Host:  https://abc Path:  / Set-Cookie: ASP.NET_SessionId=054nklywi05mesavwtc3g4ck; path=/; HttpOnly Issue:  SSL cookie without secure flag set Severity:  Information Confidence:  Certain Host:  https://ab...

    1 Agent Answer    0 Community Answer
    Mar 20, 2017 10:26AM UTC