Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Feature Requests

Post a feature request

  • Post-macros

    Hi, Right now macros only can be used as a session handling action to set a parameter or a cookie, but it would be very useful to use them after performing a request to test the contents of another response (for example, to test a second order SQL Injection). It would be also very useful to have the possibility of execute a previously recorded macro from an extension. Thanks for consider...

    1 Agent Answer    0 Community Answer
    Jan 25, 2017 04:13PM UTC
  • Requesting a feature that allows us to automatically intercept all responses

    As far as I know, to intercept a response, I must manually intercept the response for that request using the Action button. A feature that would allow me to intercept all responses without having to go through the action button would be great.

    1 Agent Answer    0 Community Answer
    Jan 25, 2017 02:52PM UTC
  • Show NTLM auth on requests

    Currently NTLM authentication used in burp in not shown in any request and cannot be tracked/checked in anyway. A log should be usefull to check if there is problems. Maurizio

    1 Agent Answer    2 Community Answers
    Jan 19, 2017 10:08AM UTC
  • Global Regex Rules

    Hello all, I would like to see a feature similar to "Proxy->Options>Match and Replace" that would affect not only the requests proxied by Burp but all the request within Burp. I explain, sometime, I would spider and scan a web application let's say on a Monday so the requests on the "Target" tab will all have the "Session Cookie" I have been given on ...

    1 Community Answer
    Jan 17, 2017 11:32AM UTC
  • Spider and Scanner History

    We were performing an application penetration test on an internal production application with the Spider on.Now, blame it on whoever , our pentesters forgot to turn off the Form submitting feature of Spider and it went ahead and added all the pre-set data into the application. Which is obvious because its meant to do that. However,the task which we were asked to perform after our little debacle w...

    1 Agent Answer    0 Community Answer
    Jan 13, 2017 06:54AM UTC
  • Mark targets as preferred - Site Map

    Hi Team, While we perform an assessment for any webpage it shows all the sites under Site Map, but we have only limited sites under assessment scope on which we want to focus. A tag to mark some site as preferred (moving it to top of the list under "site map") will help targeting only specific sites, it will prevent til from scrolling all the way to identify inscope (not burp but ass...

    1 Agent Answer    0 Community Answer
    Jan 04, 2017 11:40AM UTC
  • Possibility to sort Name column in the Open existing project panel

    It is not possible to sort ASC or DESC by pressing the column name in the Open Existing Project panel. This is very useful to have. Thank you. Keep up the good work.

    2 Agent Answers    1 Community Answer
    Jan 03, 2017 03:15PM UTC
  • Burp 2FA integration - Disable human intervention during 2FA process

    Hi, In today's best practice, medium risk and above applications implement some form of 2FA solution with sensitive functionality like authentication , forgot password, enabling transaction, account activation etc. Challenge: If the application implements 2FA, then the user that operates Burp suite must intervene in the process of the 2FA when the session becomes invalid. Solution: Burp...

    1 Agent Answer    0 Community Answer
    Dec 29, 2016 09:49AM UTC
  • Programming interface

    That would be great if Burpsuite has a programming interface like fiddlerscript in fiddler. That will allow tester to explore more potential of burpsuite and the requests made.

    1 Agent Answer    0 Community Answer
    Dec 22, 2016 01:35PM UTC
  • Allow Repeater to execute a request several times

    The Intruder option does not work for multipart/form-data requests with binary data. The Intruder tries to interpret the ยง symbols within the binary data and thinks these are payload locations. The Repeater should have a simple option to execute the request several times (with a possible pause between them, fixed or variable), instead of just once, without all the additional functionality offered ...

    1 Agent Answer    0 Community Answer
    Dec 22, 2016 08:53AM UTC