Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • External service interaction (DNS & HTTP)

    Dear Team, During my assessment of a Web app, BurpSuite gave below High Vulnerabilities: 1. Out-of-band resource load (HTTP) 2. External service interaction (DNS & HTTP) Example of a Request & response: Request Response Could you please send more detailed remediations of this. What does the developers actually have to do to overcome this vulnerabilities? This...

    1 Agent Answer    0 Community Answer
    Aug 20, 2018 03:05PM UTC
  • Target: Issues - Selected tab should be kept open when browsing findings (like Proxy History does)

    If I select certain tab in 'Proxy > HTTP History', it is kept open even if I change to a different request line (e.g. 'Original response', 'Auto-modified response'). The same does not happen in 'Target > Site map > Issues' tab - after change to another issue the tab open is 'Advisory' by default. Going through reponses in hundreds of sub-i...

    1 Agent Answer    1 Community Answer
    Aug 16, 2018 03:49PM UTC
  • Filter by highlight color in history tab under proxy

    Hello , It would be a useful feature to have a filter based on different colors available for highlighting. One can categorize while testing and then while writing reports , find requests / responses quickly by filtering.

    1 Agent Answer    0 Community Answer
    Aug 08, 2018 03:08PM UTC
  • Import client certificate from PKCS12 containing more than one cert

    Back-story: I work with a lot of p12 files that contain an encryption cert and a signing cert for the same user DN, often with the encryption cert first in the p12 file. I have inadvertently wasted more time than I want to admit banging my head against my keyboard that a p12 which works fine in Firefox is completely broken in Burp Pro. (eventually finding the problem, usually after setting up Wir...

    1 Agent Answer    0 Community Answer
    Aug 02, 2018 12:54AM UTC
  • View insertion points of "Scan items" in the scanner

    It would be great to know which "Insertion points" the Scanner used for a certain request (aka "Scan item"): right now only the total number of them is showed, but not their location.

    2 Agent Answers    1 Community Answer
    Jul 30, 2018 09:40AM UTC
  • Have a "Duplicate Tab" option in repeater

    Add a way to duplicate a repeater tab

    1 Agent Answer    0 Community Answer
    Jul 25, 2018 01:16AM UTC
  • NTLM Replay

    Currently if I want to browse some website through Burp with an NTLM authentication I need to provide to Burp the credentials. Since by design NTLM is prone to re(p)lay attack, why can't Burp just replay the challenges and responses withoout needing the credentials? Thank you Joel

    1 Agent Answer    0 Community Answer
    Jul 23, 2018 03:22PM UTC
  • Tab Name Editing

    Hi , I am using Burpsuite Pro edition 1.7.35 and i am big fan of Burpsuite Extensions. I use plenty of them and the problem that i face while using them is that the name of some of these extensions is so long that it really hogs up the real-estate of my burp window. This is further exacerbated when i load multiple extensions so the initial layer of tabs with repeater,proxy etc.. bloats up int...

    1 Agent Answer    0 Community Answer
    Jul 19, 2018 06:38AM UTC
  • Adding a name field to the Upstream Proxy Servers list

    Apologies if this is a duplicate, I haven't found a similar request. I'd like to request a feature which adds a user-configurable name or title field to each entry under Upstream Proxy Servers. I work at a place with a large number of proxies and bastion hosts, and frequently need to switch between them in Burp. The majority are localhost:xxxx, which makes it difficult to remember whi...

    1 Agent Answer    0 Community Answer
    Jul 19, 2018 03:56AM UTC
  • Collaborator feature to exfiltrate data

    Currently the collaborator it allow only to understand if a specific request generate an interaction with the collaborator on own payload. It would be very useful to add a feature to show in burp also exfiltrated data. For example, a normal collaborator DNS request is: Having the possibility to add data like will help tester, for example: ...

    1 Agent Answer    1 Community Answer
    Jul 05, 2018 07:56AM UTC