Getting Started with Burp Suite
Burp Suite Documentation
Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.
Full Documentation Contents | Burp Projects |
Suite Functions | Burp Tools |
Options | Using Burp Suite |
Burp Extender
Burp Extender lets you extend the functionality of Burp Suite in numerous ways.
Extensions can be written in Java, Python or Ruby.
API documentation | Writing your first Burp Suite extension |
Sample extensions | View community discussions about Extensibility |
Feature Requests
Post a feature request
-
User options: Burp collaborator settings
Hello, it would be very usefull to add a "Burp collaborator settings" into the User options and add a standard "override" feature in the project options. The people who has is own collaborator server otherwise have to set the settings in every burp project. Maurizio
2 Agent Answers 1 Community AnswerMay 14, 2018 02:08PM UTC -
Burp Collaborator Polling server proxy/socks setting
It would very usefull to set a proxy and socks configuration for the polling server of the burp collaborator. Currently no upstream proxy is used. Maurizio
1 Agent Answer 1 Community AnswerMay 14, 2018 11:05AM UTC -
Restrict search in responses or requests only
Hello, Burp is awesome, it would be even more awesome if it were possible, when searching for a string, to restrict the search only in requests or responses. For example, searching for an auth token only in the responses, would make it much quicker to find where a cookie or an HTTP header is assigned.
1 Agent Answer 1 Community AnswerMay 11, 2018 08:45AM UTC -
Request chaining
Hi, I'm testing APIs. In the request, I can upload files, and insert plenty of data. Let's name it /person/edit/123. After it succeeds, I'm returned only true/false. Then I need to request another URL to see what data has been entered, let's call it /person/view/123. Because I need to check another URL, and there is no redirect involved, I've used post request macro w...
1 Agent Answer 0 Community AnswerMay 10, 2018 12:38PM UTC -
Force spider engine to wait for page to load (Automated spider)
Hello, I was testing an intensive application this week and noticed that the spider tool wasn't finding a lot of the content on the site. The spidering was done through a scheduled task, so there was no manual browsing involved. I believe the cause of this is that the site is very JavaScript intensive, and it takes about 5 seconds before all the content is actually loaded on the site. (T...
1 Agent Answer 0 Community AnswerMay 07, 2018 10:14AM UTC -
Option to turn off 'OR' based SQL injection tests
Hey, I noticed that the Burp Suite scanner uses 'OR' based SQL Injection tests by default, and that there is no option to disable this either. I was wondering if it would be possible to add an option in detection methods to separate these kinds of tests. (At least the OR based ones) The reason for this is that for some queries, these OR tests could potentially alter entire tables/da...
1 Agent Answer 0 Community AnswerMay 03, 2018 06:40AM UTC -
IPv6 Support
Burp suite currently doesn't support IPv6, except through /etc/hosts tinkering (which fails if there are redirects in the application e.g. to absolute IPs). IPv6 is widely deployed in a number of markets and a professional tool such as burp should fully support it.
4 Agent Answers 3 Community AnswersApr 24, 2018 04:04AM UTC -
Clean/Archive to Reduce Project file Size
Hi, There should be a way to cleanup and reduce project file size to a bare minimum like selectively removing specific stuff from the project file like responses or requests and keeping only settings and vulnerabilities and in-scope items maps
1 Agent Answer 1 Community AnswerApr 23, 2018 10:38PM UTC -
Target analyzer filter
It would be nice if filtering functionality was added to the target analyzer. This way it would for example be possible to quickly filter out parameters used on a certain URL path, useful in big projects.
1 Agent Answer 0 Community AnswerApr 20, 2018 09:16AM UTC -
Feature: URL-safe base64 encoder
Burp Base64 decoder is not URL-safe. When decoding encoding strings with URL-safe generated by tools like below, actual values cannot be obtained. http://www.simplycalc.com/base64url-encode.php
2 Community AnswersApr 18, 2018 06:41AM UTC