Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • burp should support none http proxy

    burp should support none http proxy, some application use none http to login, so if i proxy the http request, the application can not login! please handle this problem.

    1 Agent Answer    0 Community Answer
    May 21, 2018 07:10AM UTC
  • Detailed scanner activity

    Hello, it often happens that Burp causes 100% CPU usage when the Static Code Analysis is enabled, which is to be expected to a certain degree. Something that would really help understanding what's going on would be some kind of indicator detailing what the scanner is trying to do and where—ie, in the Scan Queue, reporting "Passive / Static Analysis on [URL/File]", so that I can cho...

    2 Agent Answers    2 Community Answers
    May 20, 2018 09:34AM UTC
  • See the requests being made while active scanning

    I'm trying to do active scanning on my current test but I've got a problem that the login session occasionally dies for no apparent reason and when it does this in the middle of a scan the results from that point on are redundant. It would be good to be able to watch the requests and responses to see if the session dies so I can pause it and reauthenticate. I can't use a macro to...

    1 Agent Answer    1 Community Answer
    May 17, 2018 11:31AM UTC
  • option to select/deselect all when picking scan issues

    In Scanner / Options / Scan Issues, there isn't a way to quickly disable or enable all issues. I only wanted to scan for SQLi but had to manually click through every other issue to turn it off. An option to turn them all off or on would be great.

    1 Agent Answer    0 Community Answer
    May 17, 2018 09:09AM UTC
  • User options: Burp collaborator settings

    Hello, it would be very usefull to add a "Burp collaborator settings" into the User options and add a standard "override" feature in the project options. The people who has is own collaborator server otherwise have to set the settings in every burp project. Maurizio

    2 Agent Answers    1 Community Answer
    May 14, 2018 02:08PM UTC
  • Burp Collaborator Polling server proxy/socks setting

    It would very usefull to set a proxy and socks configuration for the polling server of the burp collaborator. Currently no upstream proxy is used. Maurizio

    1 Agent Answer    1 Community Answer
    May 14, 2018 11:05AM UTC
  • Restrict search in responses or requests only

    Hello, Burp is awesome, it would be even more awesome if it were possible, when searching for a string, to restrict the search only in requests or responses. For example, searching for an auth token only in the responses, would make it much quicker to find where a cookie or an HTTP header is assigned.

    1 Agent Answer    0 Community Answer
    May 11, 2018 08:45AM UTC
  • Request chaining

    Hi, I'm testing APIs. In the request, I can upload files, and insert plenty of data. Let's name it /person/edit/123. After it succeeds, I'm returned only true/false. Then I need to request another URL to see what data has been entered, let's call it /person/view/123. Because I need to check another URL, and there is no redirect involved, I've used post request macro w...

    1 Agent Answer    0 Community Answer
    May 10, 2018 12:38PM UTC
  • Force spider engine to wait for page to load (Automated spider)

    Hello, I was testing an intensive application this week and noticed that the spider tool wasn't finding a lot of the content on the site. The spidering was done through a scheduled task, so there was no manual browsing involved. I believe the cause of this is that the site is very JavaScript intensive, and it takes about 5 seconds before all the content is actually loaded on the site. (T...

    1 Agent Answer    0 Community Answer
    May 07, 2018 10:14AM UTC
  • Option to turn off 'OR' based SQL injection tests

    Hey, I noticed that the Burp Suite scanner uses 'OR' based SQL Injection tests by default, and that there is no option to disable this either. I was wondering if it would be possible to add an option in detection methods to separate these kinds of tests. (At least the OR based ones) The reason for this is that for some queries, these OR tests could potentially alter entire tables/da...

    1 Agent Answer    0 Community Answer
    May 03, 2018 06:40AM UTC