Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • New Intruder payload processing rules

    - Character length - Modify case: reverse/invert case (also in Case Modification payload type) - Reverse string - Trim whitespace (leading, trailing, both)

    1 Agent Answer    0 Community Answer
    May 29, 2018 07:38PM UTC
  • Intruder: allow negative Step values for Character Blocks, Dates payload types

    .

    1 Agent Answer    0 Community Answer
    May 29, 2018 07:29PM UTC
  • Detect UTF-8 encodings in Content-Type header

    Currently request body and response body is decoded with Latin-1, inferred from question 17199168. The "Latin-1" is very ambiguous, but here I suppose "code page 1252" is referred to. According to HTTP standard, if Content-Type header specifies a "charset" directive, HTTP body should be decoded with that character encoding (see https://developer.mozilla.org/en-US/docs...

    1 Agent Answer    0 Community Answer
    May 25, 2018 10:27PM UTC
  • Emptying cookie jar with new session

    When I have a name of the cookie which is changing with different sessions (cookie name is dynamic as well), Burp stores each new name in the cookie jar and then sends it within the requests. Within a session management, it would be great to have a checkbox. When the session is deemed invalid, Burp would clear the entire cookie jar. In such a case, all the new cookies would be valid (since the...

    2 Agent Answers    1 Community Answer
    May 23, 2018 02:23PM UTC
  • Content Discovery button for add items to sitemap, or cancel it

    Hello. In some cases Content Discovery may find many trash and add it to sitemap. If you don`t wait it, you not uncheck box of automatically site map add items. I think, it`s will be good for button for: 1. Add in sitemap all found items 2. Remove from sitemap all items which was added by current Content Discovery session

    1 Agent Answer    0 Community Answer
    May 23, 2018 09:58AM UTC
  • Automatic dropping of out-of-scope requests

    There are many connections to domains outside of the defined scope, like detectportal.firefox.com, safebrowsing.googleapis.com and others. Is it possible to entirely drop such requests? That they would never make it through proxy; and also so that they wouldn't be populated in the Alerts? If I'm behind proxy, I can see many of such connections to out-of-scope domains which I don't w...

    2 Agent Answers    2 Community Answers
    May 23, 2018 09:14AM UTC
  • burp should support none http proxy

    burp should support none http proxy, some application use none http to login, so if i proxy the http request, the application can not login! please handle this problem.

    1 Agent Answer    0 Community Answer
    May 21, 2018 07:10AM UTC
  • Detailed scanner activity

    Hello, it often happens that Burp causes 100% CPU usage when the Static Code Analysis is enabled, which is to be expected to a certain degree. Something that would really help understanding what's going on would be some kind of indicator detailing what the scanner is trying to do and where—ie, in the Scan Queue, reporting "Passive / Static Analysis on [URL/File]", so that I can cho...

    2 Agent Answers    2 Community Answers
    May 20, 2018 09:34AM UTC
  • See the requests being made while active scanning

    I'm trying to do active scanning on my current test but I've got a problem that the login session occasionally dies for no apparent reason and when it does this in the middle of a scan the results from that point on are redundant. It would be good to be able to watch the requests and responses to see if the session dies so I can pause it and reauthenticate. I can't use a macro to...

    1 Agent Answer    1 Community Answer
    May 17, 2018 11:31AM UTC
  • option to select/deselect all when picking scan issues

    In Scanner / Options / Scan Issues, there isn't a way to quickly disable or enable all issues. I only wanted to scan for SQLi but had to manually click through every other issue to turn it off. An option to turn them all off or on would be great.

    1 Agent Answer    0 Community Answer
    May 17, 2018 09:09AM UTC