Feature Requests
Support Center Watch + Vote feature
Hi, I would like to ask if there could be a way in the future to flag some issues not reported by myself but rather other people, which I could subscribe to to receive an email with any new comment. So like "Watch" functionality. I can see many things which I would be interested in tracking, but I can't do so at the moment. Also, I lack a Vote (or +1) button, which people could us...
4 Agent Answers | 3 Community Answers | Sep 19, 2017 08:02AM UTC
Add checks for php:// filter
Would be really nice if the scanner checks for php:// filter requests. Example request: http://xqi.cc/index.php?m=php://filter/convert.base64-encode/resource=index
1 Agent Answer | 0 Community Answer | Sep 15, 2017 06:46PM UTC
Test Cross-site scripting in scanner using encoded payloads
Hello, I observed that the scanner was testing reflected XSS issues using payloads that are not URL encoded. This sometimes results in false positives as all modern popular browsers URL-encode special characters in address bar by default. Please let me know your thoughts on this. Nevertheless, Burp is the single greatest tool for a web pentester. Thank you :)
1 Agent Answer | 0 Community Answer | Sep 13, 2017 08:59PM UTC
Search lacks scanner option
Hello, It would be very useful if there is a tickbox in Burp->Search. Many times I have very large projects and I want to exclude the scanner results and some other times include them. Thank you
1 Agent Answer | 0 Community Answer | Sep 13, 2017 07:22PM UTC
Save intruder
Hello, It would be great if we could save the intrusion tab.
1 Agent Answer | 1 Community Answer | Sep 13, 2017 07:17PM UTC
More reliable authenticated scanning
1) Consider this scenario: Burp is configured to determine if the session is valid every 30 requests. Let's assume that the session will expire on the 20th request. In this case Burp will recover the session but will have "wasted" the 21st until the 29th payload. It will be good if scanner keeps track what is going on and request again the whole group of 30 payloads. 2) Authenticated s...
3 Agent Answers | 2 Community Answers | Sep 11, 2017 03:06PM UTC
More flexible scanning
Imagine this scenario: I have 5 applications and sent many requests for test by repeater, proxy etc. Now they are accumulated 100 requests in the scanner waiting for the scanner to start. I would like to run 10 threads to each server so I don't want the requests in the scanner processed serially. One solution would be to have 2 options in the options tab. One for total threads and one for threads ...
1 Agent Answer | 0 Community Answer | Sep 07, 2017 11:41AM UTC
Extended grep-extract in Intruder to cover more occurrences
I would like to ask for more web-scraping capabilities. Let's say I have an intruder to iterate through hundreds of payloads (e.g. page 1, 2, ...), and responses are always of the same format (XML, CSV, ...). I'm able to grep-extract only the 1st payload from the response, e.g. <email>(.*?)</email>; whereas I would like to have an option to extract all of them present => t...
1 Agent Answer | 0 Community Answer | Sep 07, 2017 09:24AM UTC
Allow extensions to modify proxy history
I was attempting to create an extension that would offer an option to automatically censor passwords or particular secrets within the Proxy HTTP History. Unfortunately, this does not appear to be possible, because the Burp API does not allow modifications to the history: an UnsupportedOperationException is thrown with the message "Proxy history is read-only" when I try to call IHttpRespo...
1 Agent Answer | 1 Community Answer | Sep 01, 2017 02:59PM UTC
Compare Navigate
I used to use the Compare tab a lot in Burp but every time I need to scroll manually in order to find the differences. If we have a button (like find) to navigate between the differences it'll be epic! :D
1 Agent Answer | 0 Community Answer | Aug 28, 2017 12:44PM UTC