Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Mark targets as preferred - Site Map

    Hi Team, While we perform an assessment for any webpage it shows all the sites under Site Map, but we have only limited sites under assessment scope on which we want to focus. A tag to mark some site as preferred (moving it to top of the list under "site map") will help targeting only specific sites, it will prevent til from scrolling all the way to identify inscope (not burp but ass...

    1 Agent Answer    0 Community Answer
    Jan 04, 2017 11:40AM UTC
  • Possibility to sort Name column in the Open existing project panel

    It is not possible to sort ASC or DESC by pressing the column name in the Open Existing Project panel. This is very useful to have. Thank you. Keep up the good work.

    2 Agent Answers    1 Community Answer
    Jan 03, 2017 03:15PM UTC
  • Burp 2FA integration - Disable human intervention during 2FA process

    Hi, In today's best practice, medium risk and above applications implement some form of 2FA solution with sensitive functionality like authentication , forgot password, enabling transaction, account activation etc. Challenge: If the application implements 2FA, then the user that operates Burp suite must intervene in the process of the 2FA when the session becomes invalid. Solution: Burp...

    1 Agent Answer    0 Community Answer
    Dec 29, 2016 09:49AM UTC
  • Programming interface

    That would be great if Burpsuite has a programming interface like fiddlerscript in fiddler. That will allow tester to explore more potential of burpsuite and the requests made.

    1 Agent Answer    0 Community Answer
    Dec 22, 2016 01:35PM UTC
  • Allow Repeater to execute a request several times

    The Intruder option does not work for multipart/form-data requests with binary data. The Intruder tries to interpret the ยง symbols within the binary data and thinks these are payload locations. The Repeater should have a simple option to execute the request several times (with a possible pause between them, fixed or variable), instead of just once, without all the additional functionality offered ...

    1 Agent Answer    0 Community Answer
    Dec 22, 2016 08:53AM UTC
  • Options to match & replace from existing message (like regex backreferences)

    Hi, I'd like to request a feature in Proxy's Options- Match & Replaces where I can find a match, and replace it with existing messages. For clarity, suppose I want to append Origin header in each requests, but I want its value be Host header. So, Origin header & Host header both have same value. Also, I'd like to request an option in Intruder- Where we can configur...

    1 Agent Answer    0 Community Answer
    Dec 16, 2016 10:33AM UTC
  • Target organization

    When following a manual testing workflow, I prefer to reference the site hierarchy under the Target tab, but there is no way to track progress or my remarks internally. If paths could be color-coded and allow comments or offer state changes that reflect testing progress, this would be great.

    2 Agent Answers    1 Community Answer
    Dec 15, 2016 07:34PM UTC
  • Repeater organization

    Even in small projects, I find that my Repeater context quickly becomes cluttered with numerous tabs. While saving and restoring multiple Repeater states to and from files is an option, this doesn't seem like the best approach. It would be nice if Repeater offered sub-tabs, switchable contexts, and even tab color-coding to help organize a session.

    1 Agent Answer    0 Community Answer
    Dec 15, 2016 07:30PM UTC
  • IRC Community Support

    As responsive at the Portswigger team is (and I am impressed with their response times) I think that a community support channel on IRC would be benificial for collaboration and basic troubleshooting. Unfortunately, I do not have the resources to maintain such a channel. Freenode seems to be the place to go, OWASP, Wireshark, Aircrack-ng and many others all have a presence there. My sugge...

    1 Agent Answer    4 Community Answers
    Dec 14, 2016 06:43PM UTC
  • grep extract redirection

    Hi, To configure recursive grep you need to set a grep extract but the extraction wizard doesn't perform a redirection, even when redirections are set in the Intruder config further down. It can be worked around by figuring out the pattern in advance and entering it into the expression fields, even though the required text won't be found. But it's nice to use the graphical aid ...

    1 Agent Answer    0 Community Answer
    Dec 09, 2016 01:07PM UTC