Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Separated Upstream proxy to Scan

    Hi Guys! I have a situation running burp that requires a different upstream proxy for scanning. The idea is, basically allows you to select where the upstream proxy will be applied (Scan, Intruder, Repeater and stuff). Thank you.

    1 Agent Answer    0 Community Answer
    Mar 08, 2017 09:24AM UTC
  • Websockets API support

    I'm running into wss more as we see the shift towards single page, media rich applications. As such, I often find the need to implement custom deserialization of binary websockets messages. It would be helpful if I could write Burp extensions to view and modify wss traffic. Any near-term plans for this?

    1 Agent Answer    1 Community Answer
    Feb 24, 2017 07:20PM UTC
  • improve burp handling of http requests

    Hi I will explain the idea by an example, suppose this website " target.com " points to two IPs ( 1.1.1.1 & 2.2.2.2 ) and these IPs has open port " 80 " now we have 4 entry points to test A) when the server is 1.1.1.1 & port is 80 1- GET / HTTP/1.1 Host: 1.1.1.1 2- GET / HTTP/1.1 Host: target.com B) when the server is 2.2.2.2 &...

    1 Agent Answer    0 Community Answer
    Feb 24, 2017 03:33PM UTC
  • Simulate manual testing

    So there is this new feature in Burp Pro under Engagement tools named "Simulate manual testing". It is awesome but it would be even better if it could automatically do conf calls with the client and generate the report, Q/A it, and send it. The feature would be enabled if you type "slackoff" in that window. PS: As an extra feature request, it would be great if Burp could cas...

    1 Agent Answer    0 Community Answer
    Feb 09, 2017 04:56AM UTC
  • Save collaborator IBurpCollaboratorClientContext

    Hi, If I am not wrong there is no way to save or recover an IBurpCollaboratorClientContext object, and if you create a collaborator client context using the createBurpCollaboratorClientContext() callback, right now there is no way to obtain or set the "key" to query the burp collaborator server to retrieve interactions of past sessions. Can a method be implemented to retrieve the ...

    2 Agent Answers    1 Community Answer
    Feb 08, 2017 12:58PM UTC
  • Post-macros

    Hi, Right now macros only can be used as a session handling action to set a parameter or a cookie, but it would be very useful to use them after performing a request to test the contents of another response (for example, to test a second order SQL Injection). It would be also very useful to have the possibility of execute a previously recorded macro from an extension. Thanks for consider...

    1 Agent Answer    0 Community Answer
    Jan 25, 2017 04:13PM UTC
  • Requesting a feature that allows us to automatically intercept all responses

    As far as I know, to intercept a response, I must manually intercept the response for that request using the Action button. A feature that would allow me to intercept all responses without having to go through the action button would be great.

    1 Agent Answer    0 Community Answer
    Jan 25, 2017 02:52PM UTC
  • Show NTLM auth on requests

    Currently NTLM authentication used in burp in not shown in any request and cannot be tracked/checked in anyway. A log should be usefull to check if there is problems. Maurizio

    1 Agent Answer    1 Community Answer
    Jan 19, 2017 10:08AM UTC
  • Global Regex Rules

    Hello all, I would like to see a feature similar to "Proxy->Options>Match and Replace" that would affect not only the requests proxied by Burp but all the request within Burp. I explain, sometime, I would spider and scan a web application let's say on a Monday so the requests on the "Target" tab will all have the "Session Cookie" I have been given on ...

    1 Community Answer
    Jan 17, 2017 11:32AM UTC
  • Spider and Scanner History

    We were performing an application penetration test on an internal production application with the Spider on.Now, blame it on whoever , our pentesters forgot to turn off the Form submitting feature of Spider and it went ahead and added all the pre-set data into the application. Which is obvious because its meant to do that. However,the task which we were asked to perform after our little debacle w...

    1 Agent Answer    0 Community Answer
    Jan 13, 2017 06:54AM UTC