Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Global Regex Rules

    Hello all, I would like to see a feature similar to "Proxy->Options>Match and Replace" that would affect not only the requests proxied by Burp but all the request within Burp. I explain, sometime, I would spider and scan a web application let's say on a Monday so the requests on the "Target" tab will all have the "Session Cookie" I have been given on ...

    1 Community Answer
    Jan 17, 2017 11:32AM UTC
  • Spider and Scanner History

    We were performing an application penetration test on an internal production application with the Spider on.Now, blame it on whoever , our pentesters forgot to turn off the Form submitting feature of Spider and it went ahead and added all the pre-set data into the application. Which is obvious because its meant to do that. However,the task which we were asked to perform after our little debacle w...

    1 Agent Answer    0 Community Answer
    Jan 13, 2017 06:54AM UTC
  • Mark targets as preferred - Site Map

    Hi Team, While we perform an assessment for any webpage it shows all the sites under Site Map, but we have only limited sites under assessment scope on which we want to focus. A tag to mark some site as preferred (moving it to top of the list under "site map") will help targeting only specific sites, it will prevent til from scrolling all the way to identify inscope (not burp but ass...

    1 Agent Answer    0 Community Answer
    Jan 04, 2017 11:40AM UTC
  • Possibility to sort Name column in the Open existing project panel

    It is not possible to sort ASC or DESC by pressing the column name in the Open Existing Project panel. This is very useful to have. Thank you. Keep up the good work.

    2 Agent Answers    1 Community Answer
    Jan 03, 2017 03:15PM UTC
  • Burp 2FA integration - Disable human intervention during 2FA process

    Hi, In today's best practice, medium risk and above applications implement some form of 2FA solution with sensitive functionality like authentication , forgot password, enabling transaction, account activation etc. Challenge: If the application implements 2FA, then the user that operates Burp suite must intervene in the process of the 2FA when the session becomes invalid. Solution: Burp...

    1 Agent Answer    0 Community Answer
    Dec 29, 2016 09:49AM UTC
  • Programming interface

    That would be great if Burpsuite has a programming interface like fiddlerscript in fiddler. That will allow tester to explore more potential of burpsuite and the requests made.

    1 Agent Answer    0 Community Answer
    Dec 22, 2016 01:35PM UTC
  • Allow Repeater to execute a request several times

    The Intruder option does not work for multipart/form-data requests with binary data. The Intruder tries to interpret the ยง symbols within the binary data and thinks these are payload locations. The Repeater should have a simple option to execute the request several times (with a possible pause between them, fixed or variable), instead of just once, without all the additional functionality offered ...

    1 Agent Answer    0 Community Answer
    Dec 22, 2016 08:53AM UTC
  • Options to match & replace from existing message (like regex backreferences)

    Hi, I'd like to request a feature in Proxy's Options- Match & Replaces where I can find a match, and replace it with existing messages. For clarity, suppose I want to append Origin header in each requests, but I want its value be Host header. So, Origin header & Host header both have same value. Also, I'd like to request an option in Intruder- Where we can configur...

    1 Agent Answer    0 Community Answer
    Dec 16, 2016 10:33AM UTC
  • Target organization

    When following a manual testing workflow, I prefer to reference the site hierarchy under the Target tab, but there is no way to track progress or my remarks internally. If paths could be color-coded and allow comments or offer state changes that reflect testing progress, this would be great.

    2 Agent Answers    1 Community Answer
    Dec 15, 2016 07:34PM UTC
  • Repeater organization

    Even in small projects, I find that my Repeater context quickly becomes cluttered with numerous tabs. While saving and restoring multiple Repeater states to and from files is an option, this doesn't seem like the best approach. It would be nice if Repeater offered sub-tabs, switchable contexts, and even tab color-coding to help organize a session.

    1 Agent Answer    0 Community Answer
    Dec 15, 2016 07:30PM UTC