Support Center

Burp Community

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.


Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.


Feature Requests


  • Good XSS detection

    I'm somewhat disappointed. I conducted a Nessus scan on a host, without entering any information. It found an XSS. When I did an active scan of the same host with Burp, Burp did not. It is a really easy-to-find XSS. I'm pretty amazed about this, since Burp is my choice for Web Testing. Please do have at least the level of accuracy as a regular Nessus engine does when it comes to web...

    1 Agent Answer    0 Community Answer
    May 29, 2015 03:06PM UTC
  • Match -> Match/Replace.

    I would like to beg this request again, as there is a need for the feature. Here is the use case. I would like to be able to Match/Replace based on Matching a different value. I have been told to write it myself, but that would be like you trusting me to operate on you... I can't perform that function. I don't code. If Match Request Header: POST /path/to/file then Match Request He...

    1 Agent Answer    2 Community Answers
    May 25, 2015 11:48PM UTC
  • UI - shortcuts - 'set Severity, Confidence', global 'enable/disable Proxy Intercept...

    I would like to have the possibility to: - assign keyboard shortcuts to more actions, e.g.: in Scanner:Results - set Severity, Confidence level (I would use numkeys) - use global windows shortcut for some actions (e.g. enable/disable Proxy Intercept) Thanks, igor

    1 Agent Answer    0 Community Answer
    May 18, 2015 05:24PM UTC
  • UI - Scanner:Results - tag resolved findings

    Hi, I would love to be able to tag findings as 'already worked on and resolved' or 'read'. Helps in case I go through findings while the active scan is still on (reason being lack of time). In current state new findings are added to the Results tab and mix with those I have already seen and evaluated. My solution would be to have a possibility to tag a finding as e.g. '...

    1 Agent Answer    0 Community Answer
    May 18, 2015 05:18PM UTC
  • UI - Scanner - selected tab persistence (like in Proxy)

    Hi, I would like selected tab persistence when browsing through findings (exactly like in Proxy tab) - I select tab Response and it stays the selected one when I click on a different finding. A small thing, would help a lot to eliminate useless clicks when going through a bunch of similar findings' responses. Thanks.

    0 Community Answer
    May 18, 2015 05:10PM UTC
  • Reflected input monitor for passive scanning

    A new check should be introduced to passive scanner which will monitor all the requests and report if any of the input parameters get reflected in the response. This will be very useful in determining which parameters to focus on.

    1 Agent Answer    0 Community Answer
    May 15, 2015 06:41AM UTC
  • HTTP Parameter Pollution

    Are there plans to implement HTTP Parameter Pollution tests? More info:

    3 Agent Answers    2 Community Answers
    May 13, 2015 06:36PM UTC
  • Repeater and intruder for pentesting WebSockets

    Hi, I'd love to see mentioned features implemented for pentesting WebSockets. Those features would be useful for testing both WS client and server. Also it would save me some time writing my own set of tools. Regards, Daniel Iziourov

    1 Agent Answer    0 Community Answer
    May 13, 2015 11:18AM UTC
  • Repeater UI - Fixed Placement of Tabs

    I would like for repeater to not move the location of tabs when selecting new repeater tabs. This occurs when the user has a large number of repeater tabs open (which happens to me when testing API calls where we make one repeater tab for each call). I think that it is easier to remember where tabs are visually, and it can be difficult to find the tab you are looking for when it is constantly movi...

    1 Agent Answer    0 Community Answer
    May 08, 2015 07:43PM UTC
  • Provide option to pass unaltered response back to client

    Recently we conducted an application assessment for an Android application. The application communicated using gzip / deflate content encoding. Burp Suite was initially configured to unpack gzip/deflate encoded traffic via proxy options. This allowed us to see the server responses in the Target tab. However, it was evident that Burp was passing the unpacked version of the response back to the clie...

    1 Agent Answer    2 Community Answers
    May 07, 2015 02:17PM UTC