Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Copy-paste bug replication for OSX

    We managed to reproduce an old usability bug! The bug in question is that hotkeys and key combinations don't work properly. Mostly this is visible as copy-paste being broken. Turns out the bug is transferable by some settings that get stored in state files. I, on a mac with the bug occurring, was able to move the bug over to a windows machine where it would be reproduced. This was done by s...

    1 Agent Answer    0 Community Answer
    Aug 24, 2017 09:31AM UTC
  • can't install latest archive : gunzip issue

    Hi, I have the following error when trying to install Burpsuite : --- gzip: sfx_archive.tar.gz: not in gzip format I am sorry, but the installer file seems to be corrupted. If you downloaded that file please try it again. If you transfer that file with ftp please make sure that you are using binary mode. --- Also, I did the following stuff before executing it : --- $ md5sum burp...

    3 Agent Answers    4 Community Answers
    Aug 24, 2017 06:35AM UTC
  • Freeze when changing issues severity

    Hello, I am experiencing freeze with BurpPro. This happens when I try to change the severity of a SQL injection ScanIssue to FP. After, UI don't respond, Burp doesn't use CPU or change memory allocation. When launched from a shell no errors are outputed. Note that does happen only with a few of the issues and when I try change the severity of the whole 'SQL injection' batch...

    5 Agent Answers    2 Community Answers
    Aug 21, 2017 12:48PM UTC
  • BApp Store Submit Rating Broken

    The "Submit Rating" function appears to be broken in the BApp store. When you click one of the stars on the widget, they all turn blank.

    1 Agent Answer    0 Community Answer
    Aug 08, 2017 04:37PM UTC
  • Burp v1.7.24+ NTLM Issues

    A large number of our app testing consultants at SecureWorks have noted that NTLM authentication stopped working once we upgraded past Burp v1.7.23. We have had to downgrade versions to get things working smoothly with NTLM, and I wanted to be sure to let you know that something in this functionality isn't working...Unfortunately I don't have much for details beyond that, but would be ha...

    3 Agent Answers    2 Community Answers
    Aug 08, 2017 01:53PM UTC
  • cookies with small values length are ignored

    I've noticed that missing httponly is not reported for cookies whose values are less than 5 characters long. It this on purpose? Why? thanks

    1 Agent Answer    0 Community Answer
    Aug 07, 2017 12:34PM UTC
  • failed to create Burp project: ExceptionininitializerError

    Hi , After I have updated my kali box (vps) to last release , bu apt-get distro-upgrade ... after that when I have try to create project at the last step show me this error : failed to create Burp project: ExceptionininitializerError , and I cant create any project or open burp suite. =============== log =============== Thanx

    5 Agent Answers    5 Community Answers
    Aug 01, 2017 08:18PM UTC
  • "Response received" column disappears when "Grep Extract" is used

    In Intruder results: - display non-default column "Response received" - add a column based on "Grep - Extract" - the "Response received" column disappeared Not a big deal...

    1 Agent Answer    0 Community Answer
    Jul 27, 2017 08:38PM UTC
  • Burp Collaborator OOB - HTTP

    Correct me if I'm wrong, but using the following payload "@<SNIPPED>" to detect Out-of-band resource load (HTTP) will generate huge false positives, as I was able to trigger an issue for every website GET<SNIPPED> Using the @ symbol seems to redirect all application. Not much information on why @ symbol...

    2 Agent Answers    2 Community Answers
    Jul 27, 2017 11:04AM UTC
  • Smart decode is not smart

    The smart decoder is not working anymore for even simple base64 payloads. Please debug the issue and let me know. Thanks, Rod

    1 Agent Answer    0 Community Answer
    Jul 20, 2017 01:28PM UTC