Support Center

Feature Requests

  • Auto Highlighting

    Would be great to have auto-highlighting based on a regex match. Specifically, would be great to use this for visually separating sessions if we could match by a cookie header.

    1 Agent Answer    0 Community Answer
    Jul 06, 2016 07:18PM UTC
  • How can I get XML view of a response that is in utf-16?

    Hi, I don't have a convenient way to view responses with bodies that are XML encoded in utf-16. I think handling this would involve a coding change, but if there's a configuration I've overlooked, please let me know. What happens when I look at a response whose body is XML encoded in utf-16 is that the RAW tab of the Response shows the headers normally, but then shows the XML ...

    6 Agent Answers    6 Community Answers
    Jul 05, 2016 04:06PM UTC
  • Remove tabs not used and save tabs order

    Hi Portswigger team, every time I open Burp I have to reorder the tabs (Repeater, Proxy, etc) as I wish, the order is not saved. And I would like to be able to remove the tabs that I don't use like Spider, Target and Scanner. Thanks.

    0 Community Answer
    Jun 30, 2016 07:02PM UTC
  • Support CWE ID in reports

    Like other professionals, we use CWE to classify vulnerabilities. In our case we try to use several tools and correlate vulnerabilities in this way. Thanks to that we can create custom reports using our description of vulnerabilities, and if we need to deliver reports in another language, we can keep our translations.

    1 Agent Answer    0 Community Answer
    Jun 30, 2016 12:36PM UTC
  • automatically color communications by listener

    During pentest of some apps it's very handy to login as multiple users for testing interactivity issues and other things. I just set up multiple listeners to make that easy. It would be super helpful if you could assign a default color to be automatically applied to all communications of a specific listener. Thanks for a great product! Larry Craddock Ultimate Software

    1 Agent Answer    0 Community Answer
    Jun 28, 2016 02:30PM UTC
  • Referer strip for CSRF PoC generator

    Hello, Certain sites check the Referer HTTP header for CSRF protection, but accept requests without Referer in order to avoid breaking functionality. One general method to strip the Referer header is to use a <meta name="referrer" content="never"> so in a PoC, it is something like this: <html> <meta name="referrer" content="never"> ...

    1 Agent Answer    0 Community Answer
    Jun 19, 2016 03:56PM UTC
  • exponential backoff in Sequencer

    When testing session tokens, usually the same request is sent over and over again to the server. Often this causes a considerable amount of load (as tests are usually made on test/quality/integration systems with lower hardware resources). The result is usually temporary availability issues. Most of the time, just pausing live capture for a few seconds and then resuming solves the problem. That be...

    0 Community Answer
    Jun 15, 2016 02:17PM UTC
  • Scan Queue / Scan Next - Order

    When there are hundreds or even thousands of pages to scan, it isn't always the best use of time to attempt to weed out and try to select which items to scan or determine which ones are nearly identical except a parameter or two and exclude them through the active scanning wizard; especially when available testing time is an issue. I think it is easier to send the whole lot to the scan...

    1 Agent Answer    0 Community Answer
    Jun 13, 2016 07:24PM UTC
  • Burpsuite user manual

    Hi! Is there any full user guide for Burpsuite? Or is the Portswigger authority providing any user guide to registered users? Thank you.

    2 Agent Answers    1 Community Answer
    Jun 11, 2016 07:32AM UTC
  • Generate an issue report in JSON format

    I'm part of an iterative security testing effort where I provide engineers with an issue report, they make fixes, repeat. We are trying to measure how successful each iteration is, meaning did security flaws from report 1 appear in report 2? This would be quick and easy if I could export issue reports in JSON format and then write a program to compare reports.

    1 Agent Answer    0 Community Answer
    Jun 10, 2016 07:53PM UTC