Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Decoder 'Wrap Text' option

    Can we have a little tick box on the decoder window to auto wrap text. I hate horizontal scrolling like most people!

    1 Agent Answer    0 Community Answer
    Sep 02, 2016 11:19AM UTC
  • Scanner Check For target="_blank" Vulnerability

    Hi Portswigger, I would like to see a check added for links with target="_blank" without the rel="noopener noreferrer" attribute. The author of the below article demonstrates that the site which is linked to is able to control the location of the page containing the original link using window.opener. https://dev.to/ben/the-targetblank-vulnerability-by-example Thank y...

    1 Agent Answer    0 Community Answer
    Sep 01, 2016 04:41PM UTC
  • Requests grab under some actions

    Hello. When analyse big targets with many domains, apps, actions, etc, may be very helpfull function of grab group of requests of concrete action. For example, i test big web-app. In some moment, then i have many data in BS, i want do some action and view all requests was made in it. I want view this requests separately from all other requests what was already done in other time.

    1 Agent Answer    0 Community Answer
    Sep 01, 2016 07:55AM UTC
  • Make target scope lines clickable

    Hi, I'm using Burp Suite Professional v.1.7.05 When visiting Target | Scope, you see a list of targets in scope. Currently only the Enabled column is clickable (it toggles the checkbox). It would be great if you could click on the other columns (Protocol / Host / IP range / Port / File) as well, and that then the Edit action would be triggered. Thanks, Peter

    2 Agent Answers    1 Community Answer
    Aug 30, 2016 02:53PM UTC
  • HTTPS MitM : Export functionality of the per-host generated server certificate / key

    Dear In order to be able to decrypt HTTPS traffic in Wireshark[0], one would need the private key linked to the certificate. Would it be possible to include an export functionality of the private key / certificate which is auto-generated by Burp Suite when performing a MitM on a HTTPS connection? Preferably in PEM and/or PKCS#12 format as these can be easily imported in Wireshark. note: A s...

    1 Agent Answer    1 Community Answer
    Aug 26, 2016 04:33PM UTC
  • Feature request for cookie jar

    Hi Just a small request: Would it be possible to add an indication of the cookie flags on cookies stored in cookie jar? That would create an easy overview of the cookies encountered using a test, instead of scrolling through all the URLs in the issues list on the target pane. .

    1 Agent Answer    0 Community Answer
    Aug 25, 2016 07:58AM UTC
  • Burp Infiltrator Exclusions

    Please add the ability to exclude specific packages or classes from the Burp Infiltrator installer.

    1 Agent Answer    0 Community Answer
    Aug 16, 2016 11:51AM UTC
  • Confirm closing Intruder/Repeater tabs

    Please add a confirmation dialog box when closing these tabs, as they (a) are the easiest to close by mistake, and (b) contain some of the more important information in a session.

    1 Agent Answer    1 Community Answer
    Aug 15, 2016 08:00PM UTC
  • Add all missing Decoder algorithms to Intruder payload processing

    .

    0 Community Answer
    Aug 15, 2016 07:53PM UTC
  • Case Modification Intruder payload: add brute force mode

    Please add an option that iterates through all the combinations of upper- and lowercase letters for each position. I.e., for an input string "abc", the output should be: abc aBc abC aBC Abc ABc AbC ABC While this can be done using the Customer Iterator, it's really annoying and error-prone to set up, and only works with a single string at a time.

    0 Community Answer
    Aug 15, 2016 07:38PM UTC