Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Support TLS decryption with pre-master secret

    We are currently building a tool for extracting pre-master secret (PMS) values from memory of mobile devices. It would be great if Burp supported the decryption of TLS traffic with a list of PMS values just like Wireshark can (https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/). If this too much of a stretch for a feature request, do you believe this f...

    1 Agent Answer    0 Community Answer
    Jun 03, 2016 10:48PM UTC
  • global parameters

    Burp contain few tools that allows export data, like Logging.. turn the project name and some other parameters to a global parameter will allow to use it while exporting data. for example, in the logging tool while picking to save log, burp ask for file name. using the project name will enable automatic logging. like c:\%projectname_%toolname_%date

    0 Community Answer
    Jun 03, 2016 10:08AM UTC
  • Capability to scan React.js

    As per the title - is Burp capable or truly scanning React.js built applications? Does anyone have any experience of this?

    2 Agent Answers    2 Community Answers
    Jun 02, 2016 02:36PM UTC
  • Advanced payload positioning system in Intruder

    Problem: Currently, payload positions are based on where exactly the payload is positioned in the document. This is a very static approach has some drawbacks: - Difficult to correlate payload with payload-number if there are a lot of different payload positions. I'm often switching back and forth between the tabs to see which payload is which - Not possible to assign the same payload to ...

    1 Agent Answer    1 Community Answer
    May 30, 2016 11:40AM UTC
  • Web interface (or other out-of-band) "emergency save state" function for use when UI has l...

    Burp is a truly fantastic product. However, I regularly encounter situations in which the GUI for it locks up. Of course, this tends to happen when I'm in the middle of a pen test and haven't saved my state for an hour or so. I have to kill the process and lose a bunch of work. I believe the current recommendation for this is still "use the auto-save feature". I don't d...

    1 Agent Answer    0 Community Answer
    May 19, 2016 07:02PM UTC
  • seperate issue window that is detachable

    hi, I really liked the old burp where the issues found by scanner are in the scanner window's tab. Now its in the target tab and for me it making me difficult to work with. contents frame in the sitemap tab has been minimize, and i cant really detach Issue frame. A feature for detaching Issue frame along with advisory would be nice one to have I suppose. please let me know if there is...

    1 Agent Answer    0 Community Answer
    May 19, 2016 03:29PM UTC
  • Archive or clear requests without deleting them?

    Sometimes in a large project, I may have 40000+ requests. This makes filtering very slow and sometimes appears to make Burp freeze. Is there any way to remove requests from the current list without deleting them? I still want to keep them all in my logs.

    1 Agent Answer    0 Community Answer
    May 13, 2016 11:10AM UTC
  • Collaborator interface for extensions

    Although extensions can perform active and passive scans, AFAIK they have no access to collaborator, thus cannot verify out-of-band interaction. Am I mistaken? If no, it would be a great thing to have.

    1 Agent Answer    0 Community Answer
    May 13, 2016 09:51AM UTC
  • Display colors for Background and Font

    Is it possible to change the display background to darker theme, e.g. black or dark grey. I suffer from Scotopic Sensitivity Syndrome, so i find difficult to read from white background. I would prefer to change the font color to white and the background to dark grey or black, i know I'm in the minority in this case but it is still worth a shot.

    4 Agent Answers    13 Community Answers
    May 01, 2016 04:29PM UTC
  • Orchestrate Repeater Requests

    It is often needed to orchestrate or time (as in timing) a sequence of requests in relation to one another. Simple Examples: 1) Send Request '1' 2) Wait 1 second 3) Send Request '2' This is hard to do manually since we get no indication of the different send stages (Req, Waiting for server, Res) so we can't determine when the request has reached the server to ti...

    1 Agent Answer    0 Community Answer
    Apr 27, 2016 10:28AM UTC