Feature Requests

  • Strict transport security not enforced -- misstatement of facts/lack of proof

    I'm using Pro 1.7.22, and when testing a fairly normal web application I get an issue report 'Strict transport security not enforced', which from a general perspective is correct: the application does not provide a Strict-Transport-Security header. That far, I have no complaint. However, the issue text states: 'The application fails to prevent users from connecting to it over une...

    1 Agent Answer    0 Community Answer
    May 18, 2017 06:32AM UTC
  • external service interaction -- https

    I noticed Burp supports external service interaction -- DNS, HTTP and SMTP. Do you have any plan to support external service interaction -- HTTPS? Recently we found our application is vulnerable (and exploitable) to external service interaction -- HTTPS. Thanks

    2 Agent Answers    1 Community Answer
    May 12, 2017 11:58AM UTC
  • Clean up extender tabs

    Good morning, I just want to preface this by saying Burp is fantastic, but I find all the tabs at the top really messy when I have like 10+ extensions loaded up at once. Would it be possible to add a feature/tickbox in the settings so that if enabled all the extra tabs that come up at the top alongside target, proxy, spider, scanner etc instead come up in the next menu down only when the Extende...

    2 Agent Answers    1 Community Answer
    May 09, 2017 01:55AM UTC
  • Grouping Threads for active scan

    Hi, it would be great if you could allow threads "per group". You don't want to burn one target down, but you might want to test other bits in parallel. An idea would be to allow an identifier set for a group per target in scope and then set a maximum of groups to test in parallel and how much can be tested within each group. Mark

    1 Agent Answer    0 Community Answer
    May 05, 2017 09:10AM UTC
  • content discovery API access?

    Hello, I'm working on a project where I'd like programmatic access to the Content Discovery tool. On another thread I read this agent's response: "There isn’t currently any way to use Burp’s own Content Discovery feature via the API, sorry." However, since that was in June 2016, I was wondering whether this has changed at all?

    1 Agent Answer    0 Community Answer
    May 04, 2017 02:50PM UTC
  • NTLM Hash and kerberos ticket support for platform authentication

    Currently NTLMv1/v2 platform authentication requires the plaintext password, but often the hash value cannot be cracked easily back into plaintext in an expedient manner. Additionally, if the hash is generated based on a 2FA request, this makes it impractical to provide a plaintext value even when the hash is available from memory or hashdumps from domain sources. Allowing the use of the hash alon...

    1 Agent Answer    0 Community Answer
    May 04, 2017 05:30AM UTC
  • System to "back up" project files in case of crashes.

    So as I understand it, the "Save State" functionality is being removed from Burp and being replaced by the project file. My only issue with this is that when Burp / the OS crashes, project files get corrupted. This morning my laptop crashed and the project file was corrupted so much that the only thing Burp managed to get back out of it were the targets. Entire proxy history was gone. Lu...

    1 Agent Answer    0 Community Answer
    May 02, 2017 02:44PM UTC
  • Active Scan configuration taken when scan request inserted into the queue and not when scan starts

    Hi everybody, I did some tests and it seems that currently the active scan configuration is used to generate test cases when the scanner starts to execute the tests on a specific request. That means if you have a long queue and in the meantime you change the scanner options, these changes will impact future inserted requests and also the ones already inserted into the queue and not yet starte...

    2 Agent Answers    1 Community Answer
    Apr 30, 2017 03:45PM UTC
  • Extension release dates in BApp Store

    An extension's version number is useful; however, it would be really useful to see the release dates for the extensions available in the BApp Store. Links to the extension and version history would also be useful. This way we can see how old they are and if they are actively being developed.

    2 Agent Answers    1 Community Answer
    Apr 28, 2017 10:26AM UTC
  • Require Confirmation for Clear History

    Please add a confirmation dialog to clear history from the right-click menu option. This is far too destructive to the project integrity and irreversible right now.

    1 Agent Answer    0 Community Answer
    Apr 27, 2017 04:51PM UTC