Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Post-Macro extracting parameter from last response

    Hi, I am trying to run a request with a macro and post-macro to do this: Macro1 req1 / resp1 => extract param from rep1 Request get param from from last macro's response req / response (post)Macro2 extract param from last response (before post-macro run), and use it in req2 req2 / resp2 currently it only works before the post-macro run, the post-macro is not capab...

    1 Agent Answer    0 Community Answer
    Apr 10, 2017 04:26PM UTC
  • API to modify configuration of scanner via extension

    It would be very useful to have API to modify the configuration of the scanner via an extension to run specific active scan with custom configuration (like run scan without cookie etc).

    2 Agent Answers    1 Community Answer
    Mar 30, 2017 04:44PM UTC
  • "Resume" for Burp Collaborator Client

    Hello, Why can't we restore Burp Colloborator Client? It should be possible for pentesters to also save the results of Burp Collaborator Client and then restore, as with any other Burp tools. Thanks

    1 Agent Answer    0 Community Answer
    Mar 30, 2017 09:32AM UTC
  • Server down check

    It would be very good to have some sort of keep-alive functionality to ping server whether it is still up, and depending on the pre-set response by user (e.g. custom error message), it would pause Active scanning until the ping is a success, or user starts it again after making sure the environment is working. On a "volatile" environment, the Active scanner scans until it is finished, i...

    2 Agent Answers    1 Community Answer
    Mar 20, 2017 01:18PM UTC
  • Purge out of scope requests from proxy history

    I like the new feature to allow me to not save out of scope requests to the proxy history and target tab. What I'd like is to also have the ability to purge out of scope requests that are already stored in history. Back in the day in was possible to do this by selecting the option not to save out of scope requests in the backup file. Then I could close/re-open burp and restore state to purge....

    1 Agent Answer    0 Community Answer
    Mar 14, 2017 09:52PM UTC
  • Separated Upstream proxy to Scan

    Hi Guys! I have a situation running burp that requires a different upstream proxy for scanning. The idea is, basically allows you to select where the upstream proxy will be applied (Scan, Intruder, Repeater and stuff). Thank you.

    1 Agent Answer    0 Community Answer
    Mar 08, 2017 09:24AM UTC
  • Websockets API support

    I'm running into wss more as we see the shift towards single page, media rich applications. As such, I often find the need to implement custom deserialization of binary websockets messages. It would be helpful if I could write Burp extensions to view and modify wss traffic. Any near-term plans for this?

    1 Agent Answer    1 Community Answer
    Feb 24, 2017 07:20PM UTC
  • improve burp handling of http requests

    Hi I will explain the idea by an example, suppose this website " target.com " points to two IPs ( 1.1.1.1 & 2.2.2.2 ) and these IPs has open port " 80 " now we have 4 entry points to test A) when the server is 1.1.1.1 & port is 80 1- GET / HTTP/1.1 Host: 1.1.1.1 2- GET / HTTP/1.1 Host: target.com B) when the server is 2.2.2.2 &...

    1 Agent Answer    0 Community Answer
    Feb 24, 2017 03:33PM UTC
  • Simulate manual testing

    So there is this new feature in Burp Pro under Engagement tools named "Simulate manual testing". It is awesome but it would be even better if it could automatically do conf calls with the client and generate the report, Q/A it, and send it. The feature would be enabled if you type "slackoff" in that window. PS: As an extra feature request, it would be great if Burp could cas...

    1 Agent Answer    0 Community Answer
    Feb 09, 2017 04:56AM UTC
  • Save collaborator IBurpCollaboratorClientContext

    Hi, If I am not wrong there is no way to save or recover an IBurpCollaboratorClientContext object, and if you create a collaborator client context using the createBurpCollaboratorClientContext() callback, right now there is no way to obtain or set the "key" to query the burp collaborator server to retrieve interactions of past sessions. Can a method be implemented to retrieve the ...

    2 Agent Answers    1 Community Answer
    Feb 08, 2017 12:58PM UTC