Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • False positives in XSS findings

    Hello, I use Burp scanner regularly and I observed two issues with reflected XSS detection. 1. Sometimes, burp sends the XSS payloads without URL encoding and reports the reflection as XSS. However, all major browsers perform URL encoding of special characters like < , > and "space" when you enter the URL in address bar. So, when producing a PoC, the payload is encod...

    1 Agent Answer    0 Community Answer
    Mar 16, 2018 03:43PM UTC
  • Scan for .DS_Store files

    Check out this writeup: https://en.internetwache.org/scanning-the-alexa-top-1m-for-ds-store-files-12-03-2018/ It would be cool if burp suite could automatically check for .DS_Store files on websites, parse the content, spider the files and check for more .DS_Store files in subfolders.

    1 Agent Answer    0 Community Answer
    Mar 16, 2018 09:30AM UTC
  • scroll with wheel in preview tab

    Currently scroll wheel doesn’t work for the preview tab of a response. It works for all the other tabs. Even better if we can scroll horizontally by holding Shift when scrolling. See https://docs.oracle.com/javase/tutorial/uiswing/components/scrollpane.html for example.

    1 Agent Answer    0 Community Answer
    Mar 15, 2018 07:32PM UTC
  • Select/Deselect All Individual Issues in Scan Options Tab

    I appreciate that there's now the options to 'Select by scan type' and 'Select individual issues' under Scan Options, but selecting individual issues to scan for is a pain when there's no select/deselect all in the 'Enabled' column of the issues table. There's many instances when I'm retesting a specific finding on multiple URLs and want Burp to do...

    1 Agent Answer    1 Community Answer
    Mar 14, 2018 08:14PM UTC
  • Dynamic custom parameter name

    Hi, As per session management/macros, I know I can use "Define custom parameter" to obtain value to specific parameter with static name (e.g. "name"). However, consider a dynamic parameter name. For example, upon requesting the login page, I get "name1234" parameter (notice the counter/nonce appended to the name of the parameter). Upon requesting the login page again...

    1 Agent Answer    0 Community Answer
    Mar 12, 2018 02:43PM UTC
  • Custom Attributes on issues

    Add IssueAttributes[] to the IScanIssue object that would get exported with the xml report. Name/Value pairs would suffice, however, nested objects would be awesome. This new property would have to come with all the standard methods add/remove/edit. The use case for this would be so bapp’s could, for example, assign a score to an issue that could represent things like risk, likelihood, impact, ...

    1 Agent Answer    0 Community Answer
    Mar 10, 2018 07:22AM UTC
  • Add new request to outstanding Macro

    I'm using Macro editor quite often for anti CSRF tokens, as well as session management. However, when I would like to add a single request to the current macro, I need to re-record the entire macro again. Would it be possible to add a new button, simply "adding" new requests to the current macro without the need of re-recording the whole thing? Many thanks

    1 Agent Answer    0 Community Answer
    Mar 07, 2018 05:04PM UTC
  • Search through nested values

    Hi, I've posted a FR on Twitter (https://twitter.com/ddouhine/status/938025572596412418) which has been added to the dev backlog but I put it here too in case of... BurpSuite handles nested insertion points for the scanner which is great but it could be very handy to be able to make search through nested values (ex: to search a string which is encoded in base64). Thanks Davy

    0 Community Answer
    Mar 07, 2018 09:57AM UTC
  • Add checkboxes for entries in "Platform Authentication"

    Hello, Authorization checks with Burp could be faster if it was possible to have multiple creds, with checkboxes, for a same host in Platform Authentication. You'd be able to do your tests using creds A then uncheck them and check creds B instead, do your tests, etc... Do you think you could add this ? Thanks Davy

    2 Agent Answers    1 Community Answer
    Mar 07, 2018 08:54AM UTC
  • extension to the intruder api

    Hi, I was wondering if you guys had any plans to bring an update to the burp-api, containing an extension of the api for the intruder? If not - it would be awesome if it were possible to use the intruders "request-firing", "response-storing", "grep-extract from response" feature via the extension-api calls. E.g.: I get use an api call to define and start an...

    1 Agent Answer    0 Community Answer
    Mar 05, 2018 08:20AM UTC