Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Stricter validation on Intruder payload "Dates"

    When configuring "Dates" payloads in Intruder, non-digits characters like whitespace produce surprising behaviors that are hard to debug (no visual feedbacks outside of the "Request count"). For exemple, from 20 July 2017 to 30 July 2017 with a 1-day step and the default format: - no whitespace: count = 11 - whitespace after day "20" in "From": count = ...

    1 Agent Answer    0 Community Answer
    Jul 20, 2017 05:38PM UTC
  • Multi-request payloads in intruder

    It would be neat to have multi request payloads in intruder. It could work somewhat like the current burp macros, where you can set up a sequence of requests to send, but the intruder would change some parameters. This is useful in cases where one request is sent to store a parameter and another can be used to trigger the processing of it.

    1 Agent Answer    0 Community Answer
    Jul 20, 2017 01:27PM UTC
  • Make CTRL-G a shortcut for the "GO" command in repeater

    Please add CTRL-G as a shortcut for the "GO" command in repeater to allow quick resending of a payload.

    1 Agent Answer    1 Community Answer
    Jul 20, 2017 01:24PM UTC
  • Allow Match and Replace to change destination hostname

    Please allow the Match and Replace function to change the destination address as well. It would make it easier to test certain scenarios where requests have to be rediredted to different hosts.

    2 Agent Answers    1 Community Answer
    Jul 20, 2017 01:23PM UTC
  • Burp Suite Enquiry about settings

    In proxy options, there is bind address option in which there is specific address option. In free edition, I cannot give a specific address manually, there is a list of addresses, we cannot give any specific address. So I wanted to know that is this functionality supported in burp Suite professional edition?

    1 Agent Answer    0 Community Answer
    Jul 20, 2017 06:33AM UTC
  • match and replace for the websocket

    Possible to add a match and replace for the websockets? Someone made a plugin for it in the past, but isnt working anymore.

    1 Agent Answer    0 Community Answer
    Jul 19, 2017 02:16PM UTC
  • Add a "Response Received" column in Proxy History

    As discussed ~ 1 year ago:

    0 Community Answer
    Jul 18, 2017 10:53PM UTC
  • Add "Extension provided checks" to "Active / Passive Scanning Areas"

    Currently, active and passive checks initiated by extensions are run for every scan (i.e. even if no "Scanning Areas" are selected). Having new Scanning Areas (one for passive, one for active) dedicated to extension-provided checks would be nice. I consider that disabling every checks but one (like "External interactions" for Infiltrator-based testing) and having extensio...

    1 Agent Answer    0 Community Answer
    Jul 18, 2017 08:56PM UTC
  • Use long/verbose parameters for curl command

    At the moment the tool generates the following curl command: curl -i -s -k -X $'GET' $'' If using the long version of the parameters it will be presented as: curl --include --silent --insecure --request $'GET' $'' Using the long version of the commands improve readability and makes more clear which options...

    1 Agent Answer    1 Community Answer
    Jul 07, 2017 01:22PM UTC
  • Proxy: "Match and replace" target IP address/port of request (not just Host header)

    A new dropdown would be necessary. Would be handy to have a tick box to automatically do the host header also Thanks!

    1 Agent Answer    0 Community Answer
    Jun 29, 2017 11:45AM UTC