Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Custom Macro Parameter in URL Definition

    Hi Portswigger Team, I've noticed that more and more websites use a one-time login page. The landing page defines a one-time valid login request. Since the one-time value is in the URL itself and is no GET parameter (I know that you can add custom GET parameters), it can't be set as parameter in a macro definition (to deal with anti CSRF tokens). Example for such a login request w...

    0 Community Answer
    Oct 20, 2017 09:07AM UTC
  • Load saved project from within Burp

    Hello, It would be nice to have the ability to load a saved project without having to exit Burp and restart it. Are there any plans for implementing such functionality? Thanks, Anthony

    1 Agent Answer    0 Community Answer
    Oct 16, 2017 05:25AM UTC
  • My letter to Santa Burp Team 2017 (Extender API enhancements)

    Dear Santa Burp Team, My name is Luca and I am 37 years old. I have been a very good boy this year, and I would like the following Extender API enhancements: 1) Extend the support of IExtensionHelpers addParameter/removeParameter/updateParameter to PARAM_JSON, PARAM_XML and PARAM_XML_ATTR, PARAM_MULTIPART_ATTR 2) Today, it's possible to add Burp Scan items via (A) doActiveScan/doPass...

    1 Agent Answer    1 Community Answer
    Oct 10, 2017 11:08PM UTC
  • API extensions

    Hi, I wrote an extension some time ago, but abandoned it due to missing API functionality. In particular, I needed the following: Ways to save extension state along with the rest of the saved state. While I could ask users to save it to a separate file, and load it again later, that seems likely to result in corruption and inconsistent state. Ways to obtain a listing (and contents) of ALL...

    1 Agent Answer    0 Community Answer
    Oct 06, 2017 01:34PM UTC
  • JWT Support

    Does burp support session management JWT tokens using Authorization Bearer header? If yes, could anyone provide an explanation?

    1 Agent Answer    0 Community Answer
    Sep 29, 2017 01:40PM UTC
  • Random timing for intruder

    Ability to set intruder to send requests at random times in a given range, for example a random time between 1 and 120 seconds for as many requests as you want.

    2 Agent Answers    1 Community Answer
    Sep 28, 2017 11:20AM UTC
  • Make Search Match better for Comparer

    With SQL injections and other attack vectors it is necessary to check responses. However, if they are too long, it is hard to find highlighted text "by eye". I noticed there is a pre-defined shortcut for "Editor: Go to next search match", which is unfortunately not working for Comparer. Could you make it work there to point to the next highlighted occurrence? Or insert a butto...

    1 Agent Answer    0 Community Answer
    Sep 22, 2017 11:57AM UTC
  • Hide false positives

    Could there be a possibility to hide Issues which were flagged as false positives? Currently in the Site Map -> issues, there can be very large amount if issues marked as false positive; and if new one of that category is discovered, the issue type is put back on top of the list [depending on severity of course]; with the same number + 1. Usecase - since I work on testing environments with dif...

    1 Agent Answer    0 Community Answer
    Sep 22, 2017 11:00AM UTC
  • Scanner Timestamps

    There is a need (I am sure we are not the only ones) to include Timestamps with each scanner result. Having a timestamp included for each result in the scan report would make the found vulnerabilities much easier to trace through the application and server logs. Is this an enhancement that's on the way? Perhaps I am missing something in the tool, but I have not found anything (settings/hel...

    1 Agent Answer    0 Community Answer
    Sep 21, 2017 02:19PM UTC
  • Repeater History after tab closed

    Hi Burp Community. Is it possible to keep Repeater History after a Repeater tab has been closed? Evidence is usually very important and it can get lost if i close my repeater windows. It would help a lot to have a similar history tab as "Proxy History" where all requests issued by the Repeater can be accessed even if the repeater tabs have been closed. When you work with a lot of...

    1 Agent Answer    0 Community Answer
    Sep 20, 2017 02:07PM UTC