Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Bug Reports

Report a bug

  • Line Feed not showing in response window

    Recently we tested a website for CRLF problems, when sending GET /%23%0dSet-Cookie:%20test=test%20HTTP/1.1 ... the Server answers with an redirect to Location: xxx/#%0dSet-Cookie:... Burps Response Window is hiding the %0d (Line Feed). The 0d is visible in the Hex View. That way the tester thinks the server is not vulnerable, but it is (at least for some browsers). Tested on Debian SID (OpenJDK...

    1 Agent Answer    1 Community Answer
    Jan 26, 2017 10:18AM UTC
  • History logging disabled warning disappears after reload

    In Proxy > Options > Miscellaneous when you check Disable logging to history and site map, a nice warning appears on the top of the Proxy History window saying "History logging disabled". However if you close Burp, reopen the same project, the setting is kept (as it should be), but the warning is gone, so even though requests are not logged in the Proxy History window, there's...

    2 Agent Answers    0 Community Answer
    Jan 25, 2017 10:00AM UTC
  • Cross-site scripting (reflected) Change?

    Cross-site scripting (reflected) now shows as an informational instead of a high finding after the .16 update. Is that supposed to be the case?

    1 Agent Answer    0 Community Answer
    Jan 23, 2017 09:11PM UTC
  • Memory Leak

    Hello, I wanted to chime in to see if there is a possible memory leak with the newest version of burpsuite. I was running a scan that seemed to have been running for almost 24 hours. I soon realized that burpsuite was hitting the 15GB mark for memory consumption. As soon as I saved my data and closed down burpsuite. My memory usage went back down to about 1.5GB. So, I am now wonderi...

    3 Agent Answers    1 Community Answer
    Jan 23, 2017 08:50PM UTC
  • Smart Card not working over Remote Desktop

    We use ActivClient on our local and remote machines for Smart Card authentication. This works fine with IE and Firefox, both local and remote. When Burp is run on the remote machine, it accepts the pin code and appears to work, but never shows any certificates. Technical details that may matter: Remote host is 32-bit Running jre1.8.0_112 using acpkcs211.dll as the library Local host is ...

    1 Agent Answer    2 Community Answers
    Jan 19, 2017 05:13PM UTC
  • Blank page displayed in Firefox when requesting websites behind corporate firewall

    Hi, As the topic says, the browser (Firefox) simply shows a blank page when requesting websites hosted behind our corporate firewall (but not on same network). The behavior is quite strange considering the following: 1) "No proxy for" is empty. 2) This can be reproduced on several workstations in the company. 3) Burp proxy in response intercept mode ON correctly receives the HTML r...

    3 Agent Answers    2 Community Answers
    Jan 18, 2017 04:24PM UTC
  • Executing infiltrator on webgoat-container-7.1-exec.jar

    Hi, don't know if it is a bug or not, but the problem accurs on Windows 7 and Xubuntu 16.04. Java Version: 1.8.0_111 Burp Suite Professional v1.7.15 The Problem: executing the burp_infiltrator_java.jar on webgoat-container-7.1-exec.jar (both files are in the same folder) java -Xmx1024m -jar burp_infiltrator_java.jar --non-interactive (independet if non-interactive or interacti...

    2 Agent Answers    0 Community Answer
    Jan 17, 2017 11:51AM UTC
  • Opening and saving an Intruder attack saves nothing

    Steps to reproduce: 1. Open a previously saved Intruder attack using the "Intruder | Open saved attack" menu item in the main window. 2. Save the attack using the "Save | Attack" menu item. Expected results: Attack state is saved to disk. Actual results: File is created on disk, but with no content (valid ZIP file with an empty Intruder file within). Burp holds a lock...

    2 Agent Answers    0 Community Answer
    Jan 12, 2017 04:15PM UTC
  • ECB Block Shuffler Payload type behaviour

    Not sure if this is bug or im doing it wrong but i tried using the ECB Payload of Burpsuite with base request of: GET /payment/callback?data=5765679f0870f4309b1a3c83588024d7c146a4104cf9d2c80cf1fc4796100e1128df361f896eb3c3706cda0474915040 HTTP/1.1 As you can see the "data" is a sequence of 96 characters. And what i expected when i run intruder w/ "ECB Block Shuffler" would...

    2 Agent Answers    2 Community Answers
    Jan 02, 2017 02:23AM UTC
  • Version burpsuite_pro_v1.7.15 (OSX) is crashing when trying to start

    While trying to start, the burp window opens but closes just after the screen refresh. It is strange because the JVM don't crash. The worst part is, I can not use the older version to reopen the project as now burps understand it was created for a newer version. Thanks

    1 Agent Answer    0 Community Answer
    Dec 21, 2016 06:33PM UTC