Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?


Feature Requests


Burp Extensions


Bug Reports


Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.


Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.


Feature Requests


  • Case Modification Intruder payload: add brute force mode

    Please add an option that iterates through all the combinations of upper- and lowercase letters for each position. I.e., for an input string "abc", the output should be: abc aBc abC aBC Abc ABc AbC ABC. While this can be done using the Custom Iterator, it's really annoying and error-prone to set up, and only works with a single string at a time.

    0 Community Answer
    Aug 15, 2016 07:38PM UTC
  • Add a processing stack to Grep Extract

    Sometimes it's very handy to be able to apply some processing, such as URL or HTML decoding, to extracted values, instead of needing to export to a table (in the case of Intruder results), and then figure out how to apply some processing to a column of values using a separate tool.

    1 Agent Answer    0 Community Answer
    Aug 15, 2016 07:21PM UTC
  • Numbers Intruder payload: add support for multiple ranges

    Instead of using separate fields for min/max, please change this to a single box that accepts a comma-delimited list of dash-separated inclusive ranges. I.e., 1-50,60-70,80,91-100 (decimal); 0,8-D,20-7E (hex). I think it would make sense to fail validation (or at least warn) on attack start if any of the ranges overlap. This would make these types of attacks much quicker to set up and repe...

    1 Community Answer
    Aug 15, 2016 07:00PM UTC
  • Numbers Intruder payload: Default the min/max fractional digits fields to 0

    Out of all the times I've used the Numbers payload in the span of a year and a half, I think I've only used fractional numbers once or twice. Everyone else in the office here has had a similar experience. Please set defaults in this payload so that it generates integers. Needing to set this every time adds up to a tremendous waste of time.

    1 Agent Answer    1 Community Answer
    Aug 15, 2016 06:48PM UTC
  • Support CA Certificate Generation for Certs&Keys Greater Than 1024bit

    Especially Apple is now enforcing "Best Practices" via App Transport Security. As a workaround I used this guide: Thank you.

    1 Agent Answer    0 Community Answer
    Aug 11, 2016 07:52AM UTC
  • External service interaction (DNS)

    Hi! I have scanned a target address and found an "External service interaction (DNS)" vulnerability. Is this related to DNS Zone Transfer? And how do I rate this vulnerability on a scale of 1 to 10? Please help me ASAP. Thank you.

    1 Agent Answer    1 Community Answer
    Aug 04, 2016 12:52PM UTC
  • Intercepting AMF requests

    I'm facing a big-time problem with Burp not being able to intercept any AMF requests. Is there any condition that would help Burp to intercept them? PS: All other requests from the same web application are passing through Burp properly.

    1 Agent Answer    0 Community Answer
    Aug 03, 2016 01:12PM UTC
  • Global UI indicator that Live Active Scanning is enabled

    There have been times that I've opened a project file, or returned to a project, and forgot Live Active Scanning is enabled. Almost every action in Burp is very explicit, requiring user interaction. When live active scanning is enabled, the behavior of the application is fundamentally different, and is much more dangerous if the user is not careful. I think this warrants a global U...

    1 Agent Answer    0 Community Answer
    Jul 19, 2016 06:43PM UTC
  • Repeater - Quick toggle cookie jar usage

    It is a common use case to want Repeater to use the current cookie from the cookie jar. However, sometimes you want to make sure session authentication is working properly, so you intentionally want to use an old cookie. It is currently tedious to have to switch to the session tab and dig into the options to toggle it for Repeater. Would be nice to have the ability to toggle this option on a per ...

    1 Agent Answer    0 Community Answer
    Jul 19, 2016 06:39PM UTC
  • Prevent Burp Proxy from recording some items based on the scope or other filter (e.g. regex)

    Hi, I'm looking for a way to prevent Burp from recording some items in the Proxy history. The main reason is that I'm intercepting quite a lot of traffic from the intercepted device, which quickly increases Burp's memory and CPU usage. This finally triggers the "Failed to allocate memory - behavior may be unstable, consider saving your work" error and forces me to restar...

    3 Agent Answers    1 Community Answer
    Jul 11, 2016 02:43PM UTC