Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Custom response grep/extract/post-processing in Burp Intruder?

    Burp Intruder supports response grep by regexp, and shows every match in a separate column in result table. It would be helpful to create a custom response processor, written in any language (Python preferred), to generate an extra column value for each request. For example, for each request I need: 1. Access to body 2. Count "words" 3. Return integer value and display it in extr...

    1 Agent Answer    0 Community Answer
    Sep 20, 2016 03:39PM UTC
  • .NET plugins support

    Would be great giving .net support to develop burpsuite plugins

    1 Agent Answer    0 Community Answer
    Sep 16, 2016 12:25PM UTC
  • Burp Infiltrator destroys Spring Boot application

    Hi, when using Burp Infiltrator on a JAR file, which has been created as a Spring Boot application, then the application is not able to start, especially when embedded server is Jetty. Would be great if Burp Infiltrator would be able to support such JAR files! Thanks and Regards Denis

    1 Agent Answer    0 Community Answer
    Sep 16, 2016 07:06AM UTC
  • Proxy Intercept window: show proxy listener that received the request

    Sometimes I configure Burp with multiple proxy listeners going through the same instance. The Proxy History does a great job at being able to separate the traffic with both a dedicated column for the target port and also a filter for the same. In this scenario with proxy interception enabled, sometimes it happens that requests hit more than one of the proxies at the same time, and I want to per...

    1 Agent Answer    0 Community Answer
    Sep 13, 2016 05:04PM UTC
  • Add more functionality in "Discover Content"

    Hello , you could add more functionality in "Discover Content" like the functionality of a custom list and also an option to stop the specific task(example stop directory brute force in the selected subfolder...)

    1 Agent Answer    0 Community Answer
    Sep 06, 2016 11:56AM UTC
  • Burp Sequencer feature - Define payload type

    Hello, I would like to see a choice for the Sequencer payload type. Meaning if I want to run statistical tests and entropy for 20000 tokens ,I would like to be able to define exactly what type these tokens can be . An example would be 20000 tokens of unsigned integers from range 0-100. A good entropy would be about 6 bits , but currently the sequencer claims that this is very poor entropy . ...

    0 Community Answer
    Sep 03, 2016 05:58PM UTC
  • Decoder 'Wrap Text' option

    Can we have a little tick box on the decoder window to auto wrap text. I hate horizontal scrolling like most people!

    1 Agent Answer    0 Community Answer
    Sep 02, 2016 11:19AM UTC
  • Scanner Check For target="_blank" Vulnerability

    Hi Portswigger, I would like to see a check added for links with target="_blank" without the rel="noopener noreferrer" attribute. The author of the below article demonstrates that the site which is linked to is able to control the location of the page containing the original link using window.opener. https://dev.to/ben/the-targetblank-vulnerability-by-example Thank y...

    1 Agent Answer    0 Community Answer
    Sep 01, 2016 04:41PM UTC
  • Requests grab under some actions

    Hello. When analyse big targets with many domains, apps, actions, etc, may be very helpfull function of grab group of requests of concrete action. For example, i test big web-app. In some moment, then i have many data in BS, i want do some action and view all requests was made in it. I want view this requests separately from all other requests what was already done in other time.

    1 Agent Answer    0 Community Answer
    Sep 01, 2016 07:55AM UTC
  • Make target scope lines clickable

    Hi, I'm using Burp Suite Professional v.1.7.05 When visiting Target | Scope, you see a list of targets in scope. Currently only the Enabled column is clickable (it toggles the checkbox). It would be great if you could click on the other columns (Protocol / Host / IP range / Port / File) as well, and that then the Edit action would be triggered. Thanks, Peter

    2 Agent Answers    1 Community Answer
    Aug 30, 2016 02:53PM UTC