Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Hash responses/request

    Hello, Sometimes I need to compare responeses (or requests). Any minor change is interesting. Maybe 95% of the answers are the same (thousands of requests), sometimes length doesn't vary. Hashing will make detecting changes faster. Also, hashing (or similar method) can be useful for detecting changes in some parts. For example, I use Intruder, 99% of the page is the same, anyhow my pay...

    1 Agent Answer    0 Community Answer
    Sep 23, 2015 09:21PM UTC
  • Collaborator Server Version

    Hi, While doing a Health Check on the Collaborator Server it would help if it returned the Version #. Especially for making sure a Private Server is up to date. Thanks

    1 Agent Answer    0 Community Answer
    Sep 21, 2015 06:45PM UTC
  • Content Discovery: custom wordlist

    The Content Discovery functionality allow the use of built-in wordlists, but does not facilitate a custom word-/filelist. While the built-in wordlists are OK, sometimes it's useful to be able to define a custom list, just like you would within the intruder. The intruder can of course be used for discovery of content as well, but it would be very nice to be able to define a textfile in an ...

    3 Agent Answers    3 Community Answers
    Sep 21, 2015 02:01PM UTC
  • Duplicate entries in scan queue

    Why does Burp make duplicate entries with a status of "waiting" in the scan queue. It seems trivial to scan the list in code prior to the addition of a new URL and to not add it if there is already one there. I am requesting this change. Thanks!

    1 Agent Answer    0 Community Answer
    Sep 17, 2015 07:31PM UTC
  • Make filter input field red when active

    Hi, I have a small, but potentially time saving request: Could you please make the filter input field in the Target and Proxy tabs turn red when a filter is active? This is purely a visible indication to show the user that there is a filter active. Sometimes I forget the fact that I put a filter for one job when executing the next job (as filter settings are kept over different burp laun...

    1 Agent Answer    1 Community Answer
    Sep 17, 2015 07:59AM UTC
  • Use Collaborator server for CSRF POCs?

    Currently, my favorite ways to generate the "meat" for a CSRF demo is to use the Burp CSRF engagement tool. However, after I run the test locally with the burp tool, if I am dealing with XHR and CORS, I always move the POC to a "real" web server that will cause my browser to generate a pre-flight request. Depending on the engagement, I use a public webserver or just on a vm i...

    1 Agent Answer    2 Community Answers
    Sep 17, 2015 12:10AM UTC
  • Add a parameter to the scanner exclude list via right-click context menu on the Param tab

    I hope it doesn't take much work to add this feature to the current version. It would really be helpful if you can just right click on any parameter and add them to the exclude list of scanner rather than doing a copy and paste.

    1 Agent Answer    1 Community Answer
    Sep 14, 2015 11:43PM UTC
  • Use Other Burp Instance on Different Port as an Upstream Proxy to see Scanner requests

    If I want to see what requests are being sent by scanner, I usually run another Burp proxy instance and set my Upstream proxy to it. In that way when I look at the proxy history tab of that other burp proxy instance, I'd be able to see the requests being made by burp scanner. It would be nice if you don't have to do that, instead just add another proxy instance on a different port and us...

    1 Agent Answer    0 Community Answer
    Sep 14, 2015 11:43PM UTC
  • Burp Testing Methodologies

    Findings should include links to relavent Burp Testing Methodologies: https://support.portswigger.net/customer/portal/topics/792273-burp-testing-methodologies/articles?page=1

    1 Agent Answer    0 Community Answer
    Sep 14, 2015 01:23PM UTC
  • JSON decoder in "Decoder"

    Hi PORTSWIGGER team, I would be really greatful if you add support for JSON decoding to "Decoder". Because usually I find URLs like https%3a\/\/www.google.com\/blablabla... and I have to use other decoder like unescape() to work with a valid URL. Thanks.

    2 Agent Answers    3 Community Answers
    Sep 13, 2015 04:06AM UTC