Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

 New Post View All

Feature Requests

 New Post View All

Burp Extensions

 New Post View All

Bug Reports

 New Post View All
Support Home
Getting Started

Getting Started with Burp Suite

Getting Started Home
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Burp Suite Professional and Community editions Burp Suite Enterprise Edition
Burp Scanner Burp Collaborator
Burp Infiltrator Full Documentation Contents
Documentation Home
Knowledge Base
Training

Burp Suite Training

Troubleshooting
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Burp Extender Home
BApp Store
Release Notes
Support Center Feature Requests

Feature Requests

Post a feature request

  • In intruder, setting up payload with "Grep - Match"

    When I use intruder, I have to set up payload and "Grep - Match" each time. So I would like to set up them same time.

    1 Agent Answer    0 Community Answer
    Apr 04, 2015 03:22PM UTC
  • Load Macro Parameter from File

    When configuring a macro item, each parameter's value has the option of "Use preset value" or "Derive from prior response". I'd like the capability to load a parameter's value from a file at runtime by specifying a relative path to the file. I often use saved states to automate scanning and have macros to re-login to an application. I would like for people ...

    0 Community Answer
    Apr 03, 2015 06:07PM UTC
  • Showing Current Request with the Last Response from the Macro

    When using Intruder/Repeater with "Post Request Macro" and setting "Pass back to the invoking tool:" = "The final response from the macro", Intruder/Repeater only show the pair of "the final request sent by Post Request Macro" and "the final response from the macro". However, "the final request sent by Post Request Macro" does not...

    1 Agent Answer    0 Community Answer
    Apr 02, 2015 12:58AM UTC
  • Support for Kerberos Auth.

    Any chances this feature will be supported in the near future?

    2 Agent Answers    9 Community Answers
    Apr 01, 2015 08:44AM UTC
  • Decoder enhancements - user interface

    Two items to request (both mentioned in former user forum): 1. Multiple decoder tabs (self-explanatory) 2. Clipboard context menu within the input field. This seems simple enough, but essentially this will give users keyboardless paste. Why is this important? Sometimes it's easier to work off of clipboard contents than the "Send to Decoder" context menu item, especially when tho...

    1 Agent Answer    0 Community Answer
    Mar 26, 2015 10:49PM UTC
  • Decoder enhancements - algorithms

    To minimize switching between Burp and other tools for crypto-analysis, add more options to Burp's Decoder. Here are a few suggestions: - keyed algorithms (DES, 3DES, AES, XOR, ROTn, etc) - Anything OpenSSL enc/dec provides - Custom algorithms (API hooked?)

    1 Agent Answer    0 Community Answer
    Mar 26, 2015 10:43PM UTC
  • Disable update checks

    An option to disable update checks on startup would be great. This setting should also disable update checks when upstream proxy server settings are changed. This would be especially useful for Burp users that test in high-secure network environments isolated from the public Internet.

    4 Agent Answers    5 Community Answers
    Mar 26, 2015 10:39PM UTC
  • Disable popup window for automatic backups

    When automatic backups are enabled, a window pops up and gains operating system focus to display backup process. When Burp is not the active Window, this can interrupt use of other applications. This is common for long-running scans. Please change this behavior, to avoid stealing focus. For example, display the progress bar either inside an existing window or in the title bar of the existing ma...

    1 Agent Answer    1 Community Answer
    Mar 11, 2015 08:50PM UTC
  • Additional step for scanner options when launching active scanner.

    It would be awesome to have an additional step when launching an active scan, for configuring what are the parameters that we want to scan without have to mess with the general config. For example: Lets say that for this scan I only want to test MySQL SQL Injections in URL parameters or only want to test for XSS in Body Parameters.

    2 Agent Answers    4 Community Answers
    Mar 06, 2015 10:59AM UTC
  • Add tests for SQL injection with Tabs rather than Spaces?

    I was working through the Pentester Lab: Web For Pentester (https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/) SQL injections, and the Example 2 injection rejects all inputs with spaces in them. Using TAB characters (%09) instead of spaces works, but running the page through Burp Suite Pro's Active Scanner doesn't pick up on the vulnerability. Are there any plans to im...

    1 Agent Answer    0 Community Answer
    Mar 06, 2015 04:50AM UTC
Burp Suite Web vulnerability scanner Burp Suite editions Release notes
Vulnerabilities Cross-site scripting (XSS) SQL injection OS command injection File path traversal
Customers Organizations Testers Developers
Company About us Careers Contact Legal Privacy notice
Insights Web Security Academy Blog The Daily Swig
Follow us

© 2018 PortSwigger Ltd.