Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Disable Infiltrator payloads with ease

    As part of Active Scan, I know I can fine-tune heuristics to disable Infiltrator for some individual issues. However, I need to sort by Detection Methods, and open each of them to check if Infiltrator is enabled, and then disable it. I can't search for Infiltrator in the search field. Since during most assessments Infiltrator may not be deployed, would it be possible to have a checkbox sayi...

    1 Agent Answer    0 Community Answer
    Jun 22, 2018 08:40AM UTC
  • Can you remove the two click-throughs on loading Burp, or let me set defaults?

    When I open Burp in OS X, I have to click through two screens - the first for project creation/load (defaults to 'Temporary project'), and the second the config loader (defaults to 'Use Burp defaults'). I would love have both those be configured defaults & avoid the double click-through before Burp is in a usable state. (The second screen does have a 'Default to the...

    1 Agent Answer    0 Community Answer
    Jun 21, 2018 10:17PM UTC
  • Randomize Scanning Order Queue

    Is it possible to randomize the order of the scanning queue? If not, can I access the queue from Jython? Thanks Jonas

    1 Agent Answer    1 Community Answer
    Jun 17, 2018 09:47AM UTC
  • report

    Hey, Burp should add a feature to export Report according to OWASP top 10 vulnerability.

    1 Agent Answer    0 Community Answer
    Jun 13, 2018 06:45PM UTC
  • Add a hint to proxy error pages about out of scope responses when dropping out of scope requests

    Hello, It may be helpful for troubleshooting to add a hint to proxy error pages about out of scope responses when dropping out of scope requests. Users may forget that the under the project options tab, connections tab in the out of scope responses section that they have the "drop all out of scope requests" checked when they visit a site that is not yet in scope. A reminder like ...

    1 Agent Answer    0 Community Answer
    Jun 11, 2018 02:53PM UTC
  • Option to create NSS key log file

    It would be great to have an option in Burp to create a NSS Key Log file (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format), it would really help debugging problems with SSL client certificates and the like! Thanks!

    1 Agent Answer    0 Community Answer
    Jun 11, 2018 10:57AM UTC
  • Dynamically create proxy autoconfig files

    Love your product, been using it for over a decade. I just had an idea for a feature that I think would be really interesting and useful. You could dynamically create a proxy autoconfig file that would only proxy items that are listed in the Burp project scope. If Burp weren't running, this would have the effect of proxying nothing; if it were, it would proxy nothing until something was...

    1 Agent Answer    0 Community Answer
    Jun 06, 2018 04:26AM UTC
  • Issue object also record the original HTTP Message(base request and response)

    Hi Team, Hope Issue object also record the original HTTP Message(base request and response) when record the HTTP messages on the basis of which the issue was generated. why I need this? I want to write a extender that can re-test specified issue (as descripted here: https://support.portswigger.net/customer/portal/questions/14466803-re-run-specific-scanner-checks) . it's need ...

    2 Agent Answers    1 Community Answer
    Jun 03, 2018 02:32AM UTC
  • suite-wide level traffic blacklist

    Hope to add a scope blacklist option."Don't send items to Proxy history or other Burp tools, if in scope black list". and take effect before any other rules that filte traffic. if we just don't want to see noises like those: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=60.0&pver=2.2 https://start.firefoxchina.cn/js/worldinde...

    1 Agent Answer    1 Community Answer
    Jun 03, 2018 02:11AM UTC
  • New Intruder payload processing rules

    - Character length - Modify case: reverse/invert case (also in Case Modification payload type) - Reverse string - Trim whitespace (leading, trailing, both)

    1 Agent Answer    0 Community Answer
    May 29, 2018 07:38PM UTC