Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Make Search Match better for Comparer

    With SQL injections and other attack vectors it is necessary to check responses. However, if they are too long, it is hard to find highlighted text "by eye". I noticed there is a pre-defined shortcut for "Editor: Go to next search match", which is unfortunately not working for Comparer. Could you make it work there to point to the next highlighted occurrence? Or insert a butto...

    0 Community Answer
    Sep 22, 2017 11:57AM UTC
  • Hide false positives

    Could there be a possibility to hide Issues which were flagged as false positives? Currently in the Site Map -> issues, there can be very large amount if issues marked as false positive; and if new one of that category is discovered, the issue type is put back on top of the list [depending on severity of course]; with the same number + 1. Usecase - since I work on testing environments with dif...

    1 Agent Answer    0 Community Answer
    Sep 22, 2017 11:00AM UTC
  • Scanner Timestamps

    There is a need (I am sure we are not the only ones) to include Timestamps with each scanner result. Having a timestamp included for each result in the scan report would make the found vulnerabilities much easier to trace through the application and server logs. Is this an enhancement that's on the way? Perhaps I am missing something in the tool, but I have not found anything (settings/hel...

    0 Community Answer
    Sep 21, 2017 02:19PM UTC
  • Repeater History after tab closed

    Hi Burp Community. Is it possible to keep Repeater History after a Repeater tab has been closed? Evidence is usually very important and it can get lost if i close my repeater windows. It would help a lot to have a similar history tab as "Proxy History" where all requests issued by the Repeater can be accessed even if the repeater tabs have been closed. When you work with a lot of...

    1 Agent Answer    0 Community Answer
    Sep 20, 2017 02:07PM UTC
  • Support Center Watch + Vote feature

    Hi, I would like to ask if there could be a way in the future to flag some issues not reported by myself but rather other people, which I could subscribe to to receive an email with any new comment. So like "Watch" functionality. I can see many things which I would be interested in tracking, but I can't do so at the moment. Also, I lack a Vote (or +1) button, which people could us...

    2 Agent Answers    1 Community Answer
    Sep 19, 2017 08:02AM UTC
  • Add checks for php:// filter

    Would be really nice if the scanner checks for php:// filter requests. Example request: http://xqi.cc/index.php?m=php://filter/convert.base64-encode/resource=index

    1 Agent Answer    0 Community Answer
    Sep 15, 2017 06:46PM UTC
  • test Cross-site scripting in scanner using encoded payloads

    Hello , I observed that the scanner was testing reflected XSS issues using payloads that are not URL encoded. This sometimes results in false positives as all modern popular browsers URL-encode special characters in address bar by default. Please let me know your thoughts on this. Nevertheless, Burp is the single greatest tool for a web pentester. Thank you :)

    1 Agent Answer    0 Community Answer
    Sep 13, 2017 08:59PM UTC
  • Search lacks scanner option

    Hello, It would be very useful if there is a tickbox in Burp->Search. Many times I have very large projects and I want to exclude the scanner results and some other times include them. Thank you

    1 Agent Answer    0 Community Answer
    Sep 13, 2017 07:22PM UTC
  • Save intruder

    Hello, It would be great If we could save the intrusion tab.

    1 Agent Answer    0 Community Answer
    Sep 13, 2017 07:17PM UTC
  • More reliable authenticated scanning

    1) Consider this scenario: burp is configured to determine if the session is valid every 30 requests. Lets assume that the session will expire on the 20th request. In this case burp will recover the session but will have "wasted" the 21th until the 29th payload. It will be good if scanner keeps track what is going on and request again the whole group of 30 payloads. 2) Authenticated s...

    3 Agent Answers    2 Community Answers
    Sep 11, 2017 03:06PM UTC