Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Custom Attributes on issues

    Add IssueAttributes[] to the IScanIssue object that would get exported with the xml report. Name/Value pairs would suffice, however, nested objects would be awesome. This new property would have to come with all the standard methods add/remove/edit. The use case for this would be so bapp’s could, for example, assign a score to an issue that could represent things like risk, likelihood, impact, ...

    1 Agent Answer    0 Community Answer
    Mar 10, 2018 07:22AM UTC
  • Add new request to outstanding Macro

    I'm using Macro editor quite often for anti CSRF tokens, as well as session management. However, when I would like to add a single request to the current macro, I need to re-record the entire macro again. Would it be possible to add a new button, simply "adding" new requests to the current macro without the need of re-recording the whole thing? Many thanks

    1 Agent Answer    0 Community Answer
    Mar 07, 2018 05:04PM UTC
  • Search through nested values

    Hi, I've posted a FR on Twitter (https://twitter.com/ddouhine/status/938025572596412418) which has been added to the dev backlog but I put it here too in case of... BurpSuite handles nested insertion points for the scanner which is great but it could be very handy to be able to make search through nested values (ex: to search a string which is encoded in base64). Thanks Davy

    0 Community Answer
    Mar 07, 2018 09:57AM UTC
  • Add checkboxes for entries in "Platform Authentication"

    Hello, Authorization checks with Burp could be faster if it was possible to have multiple creds, with checkboxes, for a same host in Platform Authentication. You'd be able to do your tests using creds A then uncheck them and check creds B instead, do your tests, etc... Do you think you could add this ? Thanks Davy

    2 Agent Answers    1 Community Answer
    Mar 07, 2018 08:54AM UTC
  • extension to the intruder api

    Hi, I was wondering if you guys had any plans to bring an update to the burp-api, containing an extension of the api for the intruder? If not - it would be awesome if it were possible to use the intruders "request-firing", "response-storing", "grep-extract from response" feature via the extension-api calls. E.g.: I get use an api call to define and start an...

    1 Agent Answer    0 Community Answer
    Mar 05, 2018 08:20AM UTC
  • Global settings for SSL pass-through

    It would be great if we can configure SSL pass-through globally. For example, Google Analysis and Google Translation are typically out of scope of ordinary user. Current per-project setting is expected to override global settings, including adding rules or disabling rules. That is, project setting should be able to specify that an SSL/TLS connection is passed through only if the hostname does *not...

    1 Agent Answer    0 Community Answer
    Feb 28, 2018 02:48PM UTC
  • Configuration problem

    When i configure my burp suite proxy with my firefox browser they connect but when i browse anything browser show me error message how i solve this problem please help me

    1 Agent Answer    0 Community Answer
    Feb 27, 2018 05:00AM UTC
  • Preview bitmap images (BMP)

    It would be great if we can preview bitmap images in proxy preview, just like how we preview HTML, JPEG and PNG traffics. MIME type is “image/bmp”. Burp seems to be built with Swing/AWT; if so, it should be easy to implement this feature, since Swing supports BMP natively. I made a Extender for this feature, but I really think BMP (as well as anything supported by JRE without third-party library) ...

    1 Agent Answer    0 Community Answer
    Feb 14, 2018 07:51PM UTC
  • Expose intercept state for Burp API

    I am currently developing a burp extension and would like to be able to check the state of the "Intercept" button in the proxy tab. I am able to turn on/off the interception but am not able to poll the state. Thanks

    2 Agent Answers    1 Community Answer
    Feb 07, 2018 09:38AM UTC
  • Decoder - Save/Load to/from File

    Hi, It would be really nice for further analysis of decoded stuff to be able to save each buffer of the "Decoder"-Tab into a file. It is hard to copy binary out of it. The only way i see currently is: encode as base64 and copy string and decode on console, which is not really practical.

    1 Agent Answer    0 Community Answer
    Feb 06, 2018 07:17AM UTC