Feature Requests

  • Burp 2: Application Login - 2nd authentication step

    The New Login Credentials accept username and password. Would it be possible to introduce an optional 2nd authentication step, like PIN (with static value)? For example, user needs to fill in username+password, followed by PIN on 2nd page for authentication to be complete.

    1 Agent Answer    1 Community Answer
    Sep 03, 2018 07:30AM UTC
  • Burp 2: Application Login - credentials test button

    Hi, I love the new Application Login. Would it be possible to have a Test/Try button there? After clicking on this button, the new Chromium rendering view could be opened, showing the page after successful login (or better yet, the entire process of logging in). This button would serve to double-check if Burp login is indeed successful when attempted.

    1 Agent Answer    0 Community Answer
    Sep 03, 2018 06:59AM UTC
  • How to prevent Mod_security being activated when using the burp suite?

    Hello, I have 3 questions. 1) How to prevent Mod_security being activated when using the Burp Suite? Websites are blocking my IP address... to solve this problem I want to automatically change my IP address every X seconds. So this is my second question: 2) I want to use an IP changer tool which will listen to the same address (127.0.0.1) and port (8080) as the Burp Suite. but I read that its im...

    1 Agent Answer    0 Community Answer
    Aug 28, 2018 01:26PM UTC
  • Attack payloads in unquoted JSON attributes

    I observed that Burp Scanner sends attack payloads in unquoted JSON attributes, which usually results in server-side parsing errors. I repeated the attack request with a quoted attribute and there were no parsing errors. Would it be a good idea to add quotes to unquoted attributes after inserting the payloads during active scan? I am just spitballing, I may be wrong. Thank you!

    1 Agent Answer    0 Community Answer
    Aug 22, 2018 04:32PM UTC
  • External service interaction (DNS & HTTP)

    Dear Team, During my assessment of a Web app, Burp Suite gave the below High Vulnerabilities: 1. Out-of-band resource load (HTTP) 2. External service interaction (DNS & HTTP) Example of a Request & response: Request Response Could you please send more detailed remediations of this. What do the developers actually have to do to overcome these vulnerabilities? This...

    1 Agent Answer    0 Community Answer
    Aug 20, 2018 03:05PM UTC
  • Target: Issues - Selected tab should be kept open when browsing findings (like Proxy History does)

    If I select a certain tab in 'Proxy > HTTP History', it is kept open even if I change to a different request line (e.g. 'Original response', 'Auto-modified response'). The same does not happen in the 'Target > Site map > Issues' tab - after changing to another issue, the tab open is 'Advisory' by default. Going through responses in hundreds of sub-i...

    1 Agent Answer    1 Community Answer
    Aug 16, 2018 03:49PM UTC
  • Filter by highlight color in history tab under proxy

    Hello, It would be a useful feature to have a filter based on the different colors available for highlighting. One can categorize while testing and then, while writing reports, find requests / responses quickly by filtering.

    1 Agent Answer    0 Community Answer
    Aug 08, 2018 03:08PM UTC
  • Import client certificate from PKCS12 containing more than one cert

    Back-story: I work with a lot of p12 files that contain an encryption cert and a signing cert for the same user DN, often with the encryption cert first in the p12 file. I have inadvertently wasted more time than I want to admit banging my head against my keyboard that a p12 which works fine in Firefox is completely broken in Burp Pro. (eventually finding the problem, usually after setting up Wir...

    1 Agent Answer    0 Community Answer
    Aug 02, 2018 12:54AM UTC
  • View insertion points of "Scan items" in the scanner

    It would be great to know which "Insertion points" the Scanner used for a certain request (aka "Scan item"): right now only the total number of them is shown, but not their location.

    2 Agent Answers    1 Community Answer
    Jul 30, 2018 09:40AM UTC
  • Have a "Duplicate Tab" option in repeater

    Add a way to duplicate a repeater tab

    1 Agent Answer    0 Community Answer
    Jul 25, 2018 01:16AM UTC