Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Sort Extensions

    In the 'Extender' tab, under 'Extensions' it would be useful to be able to sort the extensions by 'Loaded', 'Type', or 'Name'. For example, when clicking the column title.

    1 Agent Answer    0 Community Answer
    Mar 26, 2018 08:15AM UTC
  • Integrate BurpSuite Scan into the CICD Pipeline

    Is there documentation on how to integrate BurpSuite into the CICD pipeline? For example, once developers check in code into a source repository, a build is pushed to the development. Once the build is complete, I would like BurpSuite to automatically trigger a scan against the newly pushed code. Is this feature available?

    1 Agent Answer    0 Community Answer
    Mar 23, 2018 03:16PM UTC
  • Compare site maps Reporting feature request

    Requesting that the compare site maps feature be able to generate a report of the comparison output after display filters are applied. This would make it convenient to be able to provide a target organization a list of each URI where each access issue occurs.

    1 Agent Answer    0 Community Answer
    Mar 22, 2018 02:53PM UTC
  • Session Handling rules

    Hi. It would be nice to have an option to update the session headers in the session rules. There exist a simillar option that allows us to update parameters and cookies, so why not the headers? I had an issue where the body of the response passed a value that were injected in an header and I found no easy way to do it, ended up passing it as parameter since luckly the app still parsed it if this w...

    1 Agent Answer    1 Community Answer
    Mar 22, 2018 09:56AM UTC
  • Filter only requests/responses in HTTP history

    It would be useful if the 'Filter by search term' allowed you to filter by only requests or only responses or both. Perhaps a checkbox?

    1 Agent Answer    0 Community Answer
    Mar 19, 2018 04:56PM UTC
  • False positives in XSS findings

    Hello, I use Burp scanner regularly and I observed two issues with reflected XSS detection. 1. Sometimes, burp sends the XSS payloads without URL encoding and reports the reflection as XSS. However, all major browsers perform URL encoding of special characters like < , > and "space" when you enter the URL in address bar. So, when producing a PoC, the payload is encod...

    1 Agent Answer    0 Community Answer
    Mar 16, 2018 03:43PM UTC
  • Scan for .DS_Store files

    Check out this writeup: https://en.internetwache.org/scanning-the-alexa-top-1m-for-ds-store-files-12-03-2018/ It would be cool if burp suite could automatically check for .DS_Store files on websites, parse the content, spider the files and check for more .DS_Store files in subfolders.

    1 Agent Answer    0 Community Answer
    Mar 16, 2018 09:30AM UTC
  • scroll with wheel in preview tab

    Currently scroll wheel doesn’t work for the preview tab of a response. It works for all the other tabs. Even better if we can scroll horizontally by holding Shift when scrolling. See https://docs.oracle.com/javase/tutorial/uiswing/components/scrollpane.html for example.

    1 Agent Answer    0 Community Answer
    Mar 15, 2018 07:32PM UTC
  • Select/Deselect All Individual Issues in Scan Options Tab

    I appreciate that there's now the options to 'Select by scan type' and 'Select individual issues' under Scan Options, but selecting individual issues to scan for is a pain when there's no select/deselect all in the 'Enabled' column of the issues table. There's many instances when I'm retesting a specific finding on multiple URLs and want Burp to do...

    1 Agent Answer    0 Community Answer
    Mar 14, 2018 08:14PM UTC
  • Dynamic custom parameter name

    Hi, As per session management/macros, I know I can use "Define custom parameter" to obtain value to specific parameter with static name (e.g. "name"). However, consider a dynamic parameter name. For example, upon requesting the login page, I get "name1234" parameter (notice the counter/nonce appended to the name of the parameter). Upon requesting the login page again...

    1 Agent Answer    0 Community Answer
    Mar 12, 2018 02:43PM UTC