Support Center

Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.


Feature Requests


  • PHP extract() vulnerabilities

    Please see this post about the risks of using PHP function extract() improperly: http://davidnoren.com/2013/07/03/php-extract-vulnerability/ At the end of the post are a few ideas on how to test for it. Unsure if those can be automated. Submitting an official feature request, after noting user surreal requested this on the user forums: http://forum.portswigger.net/thread/1540/scanner-test-php-e...

    1 Agent Answer    0 Community Answer
    Feb 09, 2015 05:06PM UTC
  • force update check

    Already posted here and then noticed, this is the new way to do it. http://forum.portswigger.net/thread/1686/force-update-check Current situation/problem: Burp only checks for new versions on startup. So when you can only connect to the internet via a proxy and it is not entered on start, the update check will fail. The only way to recheck for an update is to enter the proxy, close and restar...

    3 Agent Answers    3 Community Answers
    Feb 08, 2015 09:55PM UTC
  • Comparer "Next modified section" feature

    To whom it may concern, I would love to see a feature in the word compare, where I can jump to the next difference. Currently only the modified / deleted / added parts are highlighted, but it would be awesome not to have to search by hand for those highlights. Often I have to really slowly (manually) search for those sections in a big response. Thanks!

    1 Agent Answer    0 Community Answer
    Feb 06, 2015 04:21PM UTC
  • Configure the parameter separator on GET and POST responses

    Actually the parameter separator is the & symbol, but sometimes the applications use different characters as parameter separators, for example a lot of Tomcat applications use the | character. It could be very, very useful if Burp allowed setting the separator characters ( & | ; )

    1 Agent Answer    1 Community Answer
    Feb 04, 2015 12:42PM UTC
  • disable Payload encoding and auto load payloads through API

    It would be nice if the payloads were automatically loaded from a custom file when invoking the sendToIntruder method, along with an API method to disable the "URL-encode these characters" option, thereby launching the attack through the API.

    2 Agent Answers    3 Community Answers
    Feb 03, 2015 08:25AM UTC
  • Remove duplicates

    Scanner > Scan queue > sort by URL. Need a way to right-click and say "Remove Duplicates".

    1 Agent Answer    0 Community Answer
    Feb 02, 2015 01:43AM UTC
  • Automatically add repeater results to the site map

    Hello, it would be nice if an option could be added to automatically add the Repeater results to the site map. I work quite a lot with the Repeater and it could be nice to have direct access to search and other features available in the "Site map" for these results. Kind regards, Davy

    1 Agent Answer    1 Community Answer
    Jan 28, 2015 05:21PM UTC
  • Intercept non HTTP protocols

    An ability to intercept non-HTTP protocols (perhaps an API feature to let users code extensions for relevant protocols). A situation arose at work involving SIP. Getting the traffic to pass through Burp was easy, but without an ability to intercept INVITE (and so forth) it led to creating custom tools instead.

    1 Agent Answer    4 Community Answers
    Jan 27, 2015 10:07AM UTC
  • Ability to view the delay of a response in a column (Intruder)

    May be very useful while testing for time-based injection (SQL, command, and so on) to see the delay of a response returned by the remote web server.

    2 Agent Answers    2 Community Answers
    Jan 26, 2015 01:20PM UTC
  • Ability to edit several rows on parameters viewing tab during editing of intercepted message

    Ability to edit several rows (i.e. values/names of several POST parameters) on the parameters viewing tab during editing of an intercepted message (Proxy module) would help a lot.

    1 Agent Answer    0 Community Answer
    Jan 25, 2015 10:31AM UTC