Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Clickbandit broken in latest Chrome?

    Hi, Clickbandit appears to be broken in Chrome 62, and if I'm understanding the issue correctly, it's been broken since Chrome 60 due to this change: The symptoms are that when you click "finish" after clicking around the target site, nothing appears to happen, and an error in the console is reported...

    1 Agent Answer    0 Community Answer
    Nov 03, 2017 01:57AM UTC
  • Drop down menu bug

    In some cases, when burp presents a drop down menu with previous used values (for example when filling in the Fixed time trottle in the options of intruder), the white "block" which is an empty drop down menu does not dissapear after filling in or clicking somewhere else. This white blocks stay in front of the screen until you quit burp, which is really annoying if you have to read the v...

    2 Agent Answers    1 Community Answer
    Nov 02, 2017 03:05PM UTC
  • Burp Suit and genymotion not rendering https traffic correct.

    I am trying to intercept Chrome https traffic in Genymotion. I have installed the certificate in android and I am not using an external proxy. Wifi connection on Genymotion is set to (localhost) and port 8080 which is the listener settings in Genymotion. I have followed all instructions in the documentation. I get connection to Burp Suit but the site that is requested is not di...

    1 Agent Answer    0 Community Answer
    Nov 01, 2017 05:28PM UTC
  • Header lines with improper terminators manipulated by Burp in strange ways

    I'm currently testing an embedded device with a cgi-script that terminates header lines with only '\n', and '\n\n' at the end of all headers. While not RFC-compliant, browsers seem to handle this just fine. However, when it goes through Burp, the '\n\n' is replaced with '\n\r\n\r\n', which the browser interprets as *3* newlines, causing an extra newli...

    1 Agent Answer    0 Community Answer
    Oct 29, 2017 12:54AM UTC
  • Scanner misses vulnerabilitites due to improper application demarcation

    Hello, Consider this scenario: Application A https://hostname/ (out of scope) Application B https://hostname/appB/ (in scope) If we choose to scan application B, then the scanner checks only application A for server level issues. So we miss the application's B vulnerabilities and at same time we touch another app that we shouldn't. Note: Target->File field is set to ^/appB/.*...

    3 Agent Answers    2 Community Answers
    Oct 28, 2017 01:59PM UTC
  • unknown host error

    please tell solution . when i browse and intercept and request is forward then error show is unknown host

    2 Agent Answers    2 Community Answers
    Oct 21, 2017 04:58AM UTC
  • UTF-8 search not working

    When I'm in Repeater, and copy string containing UTF-8 characters (like word "käytettävissä") from the response, it is not found (in the same response). Could you enhance search to cover UTF-8 characters as well?

    1 Agent Answer    0 Community Answer
    Oct 16, 2017 06:49AM UTC
  • Burp API - IContextMenuInvocation - Modified request/response access/hinting

    In the Burp extender API when retrieving the selected messages from the proxy history, I don't see any way to know if the selection occurs into a modified response/request panel or the original one. IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_RESPONSE are the only indicators available. Additionally the IHttpRequestResponse object does...

    3 Agent Answers    2 Community Answers
    Oct 10, 2017 03:38PM UTC
  • Compare site map feature freezes during comparison

    Compare site map feature gets stuck when performing the comparison. This has happened to me almost every time I use the feature against comprehensive sitemap. I've noticed that specific sitemap entries will trigger this error. To circumvent the issue, I have to pinpoint which sitemap entry is the causing the issue by performing the comparison against a small portion of the sitemap until it fr...

    1 Agent Answer    0 Community Answer
    Oct 05, 2017 07:18PM UTC
  • Is external service interaction vulnerability exploitable.

    Hello, In most of the scan, burp reports, External Service Interaction vulnerability either in HTTP/S or DNS. I am not sure how this can be exploited on server side. I see some similarities to SSRF, but could not find any way to exploit. can someone please share some additional information on this?

    1 Agent Answer    0 Community Answer
    Oct 04, 2017 01:51PM UTC