Support Center


Feature Requests

  • IRC Community Support

    As responsive as the PortSwigger team is (and I am impressed with their response times), I think that a community support channel on IRC would be beneficial for collaboration and basic troubleshooting. Unfortunately, I do not have the resources to maintain such a channel. Freenode seems to be the place to go; OWASP, Wireshark, Aircrack-ng and many others all have a presence there. My sugge...

    1 Agent Answer    4 Community Answers
    Dec 14, 2016 06:43PM UTC
  • grep extract redirection

    Hi, To configure recursive grep you need to set a grep extract but the extraction wizard doesn't perform a redirection, even when redirections are set in the Intruder config further down. It can be worked around by figuring out the pattern in advance and entering it into the expression fields, even though the required text won't be found. But it's nice to use the graphical aid ...

    1 Agent Answer    0 Community Answer
    Dec 09, 2016 01:07PM UTC
  • "Parameter values extractor"

    Basically this is an advanced search feature which gives a list of all values assigned to a parameter. The parameter can appear either in GET, POST, etc. requests or responses, or JSON, XML, etc. messages. The parameter name should be flexible using regex, because some apps might use dynamic parameter names. This feature could help enumerate all valid and/or used values for a parameter, wh...

    1 Agent Answer    1 Community Answer
    Dec 06, 2016 03:01PM UTC
  • Session Handling Rule - On Failure - Switch Proxy

    I sometimes find in performing tests that there are devices in place that lock out web activities for 5-10 mins if too many perceived attacks are seen. I think it would be great to have a session handling rule that would check if it's valid, and if not it would switch to a different forward proxy, reauth, and continue.

    1 Agent Answer    0 Community Answer
    Nov 30, 2016 05:38PM UTC
  • Add HTTP Method as a value to the filter scope

    The current scope dialog uses protocol, host/ip, port and file as a filter, however, there are times when it would be useful to filter on HTTP method too. For example when working with a RESTful interface that uses the same URI to read (GET) and delete (DELETE) resources, it would be handy to exclude DELETE from the scope.

    1 Agent Answer    0 Community Answer
    Nov 28, 2016 11:28PM UTC
  • Monospaced font in the decoder tool

    It would be really great if the decoder tool could be made to use the font specified in the HTTP Message Display setting instead of the one used for the general UI, this would also improve the hex representation, thanks!

    1 Agent Answer    0 Community Answer
    Nov 23, 2016 07:22PM UTC
  • IResponseVariations - set attribute

    Hi, I saw the new IResponseVariations API... They are great! To increase the power of these new APIs, it would be great to be able to add custom attributes. In this way a user can add an attribute and write his own code to evaluate the variance of the attribute. Thank you for your great job! Federico

    2 Agent Answers    1 Community Answer
    Nov 23, 2016 11:10AM UTC
  • Add "Invoke Extension" to "Session Handling Action Editor"

    The "Session handling action editor" has a dropdown menu with two options to "Define behavior dependent on session validity":
    - Prompt for in-browser session recovery
    - Run a macro
    I would like to see "Invoke a Burp Extension" added as an option. Currently you can run a macro /and then/ invoke an extension, so why can't I just invoke the extension directl...

    1 Agent Answer    1 Community Answer
    Nov 14, 2016 09:59PM UTC
  • Preview insertion points in upcoming scans in scan queue

    It would be nice to see the insertion point count on upcoming scans in the queue to get a good idea of what kind of time it's going to take to scan the upcoming items. If you see you have 40 links all with 200+ insertion points you could immediately know it would take a great deal more time than the same amount of links ranging in 1-10 insertion points. I think this would be pretty handy for gi...

    1 Agent Answer    0 Community Answer
    Nov 10, 2016 10:34AM UTC
  • Scan for ONLY burp suite plugin (custom insertion point)

    I'd like to be able to launch only my plugin during a scan. I think the scanner tab should perhaps have the option of enabling/disabling a plugin in addition to the other [x] enable/disable buttons. Let's say I only want to do some custom injection test based on something I've seen in an app - I'd want to blast that string all over the place but don't care about anything else. ...

    1 Agent Answer    0 Community Answer
    Nov 10, 2016 10:24AM UTC