Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Rendering JSON in pretty form in response body

    Hi, Please consider rendering application/json content in response.body in a pretty form. Today, I am forced to copy+paste the content into another tool to view it in pretty form. Thx Chaks

    1 Agent Answer    0 Community Answer
    Jul 13, 2015 03:30AM UTC
  • Add test for HTTP Strict Transport Security (HSTS) and update the Cacheable HTTPS Response test

    In the most recent version 1.6.21 - I see that under the Scanner tab you have added the "Issue" Listing - Thank you for that !!! However, I do not see any test for the absence of the HTTP Strict Transport Security (HSTS) Header element in that list. Please consider the addition of a test for that issue in a future release. Also in the test for Cacheable HTTPS Response (0x00700100) - i...

    2 Agent Answers    2 Community Answers
    Jul 09, 2015 06:17PM UTC
  • Add "Search Bapp Store" Box

    The Burp App Store is growing and there are many new additions from last year even. How about a search box that scans the names and description files to filter down the list. So, CSRF will display plug-ins that contain that keyword.

    1 Agent Answer    1 Community Answer
    Jul 08, 2015 12:34AM UTC
  • Add "Close All Tabs" button to the Repeaster

    In the repeater tab, I would like a “close all tabs” button. In the Mac-look-and-feel-GUI; if you click the X, the tabs auto-adjust slightly to re-center. Thus, you click X and move the mouse. Repeat 52 times (yes, I had 52 open, I am silly sometimes.

    1 Agent Answer    0 Community Answer
    Jul 08, 2015 12:33AM UTC
  • Hide from view based on MIME type

    Hi, recently I came across a web server where certain categories of files (images, css) were having a filename of the format "_x-y" with no extension, where x and y is a alphanumeric value of a varying length of characters, eg _0a1b2c4d5e-f6g7h8i9j In the MIME column of Proxy | HTTP history the type of the file is identified correctly as eg JPEG, GIF, CSS... Is there any way I can ...

    1 Community Answer
    Jul 05, 2015 08:56AM UTC
  • Source IP addresses in Proxy/HTTP History

    It would be great if an additional column for the source IP address would exist, so we could see which client makes the selected request.

    1 Agent Answer    1 Community Answer
    Jun 24, 2015 07:24AM UTC
  • HTTP History - Filter on Edited Requests

    Could you add a filter to the HTTP History tab allowing selection of only edited requests/responses? Also would it be possible to make the comment column in the HTTP History table editable so that you don't have to use the context menu? Or perhaps add a comment field directly to the Request/Response window you get when you've double clicked an entry in the HTTP History table.

    1 Agent Answer    1 Community Answer
    Jun 23, 2015 05:58PM UTC
  • Burp Porxy Features- Replay Request

    Hi I would like to propose the following features in Burp. 1) Burp loads default profile:- Burp should allow users to specify the default template location. 2) Requests Replay :- We would like feed the requests & Response to other tools such as Appscan/webinspect. Fiddler has feature to repeat several requests at a time and auto-response feature. In burp we can only use repeater a...

    0 Community Answer
    Jun 20, 2015 07:46AM UTC
  • ASP.NET ValidateRequest bypass + tuning

    According to my experience Burp Suite doesn't check for this type of ValidateRequest filter bypass: http://www.jardinesoftware.net/2011/07/17/bypassing-validaterequest/ Would it be possible to add this to the Persistens XSS checks? (Sorry if I missed something) On a related note: Since ValidateRequest throws an exception when encountering typical XSS patterns many apps terminate the ...

    1 Agent Answer    0 Community Answer
    Jun 16, 2015 07:19AM UTC
  • Burp signed SSL certificates throw warning in Chrome

    When burp generates CA-signed per-host certificates, Google Chrome marks these sites as having "Weak Security configuration (SHA-1 signatures), so your connections may not be private. Screenshot: http://i.imgur.com/B5XcMF9.png It looks like Chrome is actively trying to sunset SHA-1 (https://blog.filippo.io/the-unofficial-chrome-sha1-faq/) So, I'm guessing this message can be removed i...

    1 Agent Answer    0 Community Answer
    Jun 10, 2015 07:28PM UTC