Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Is it possible to retrieve the path of the currently open project?

    I would like to retrieve the path of the currently open Burp Project to reference some resource on the filesystem relative to the project directory. I am unable to find a suitable API to do this in the documentation. Is it currently possible to do this? If not is it possible to add an API for it?

    1 Agent Answer    0 Community Answer
    Aug 14, 2018 02:31AM UTC
  • SSL Scanner

    Hi, I get this error while installing the burp extension for SSL scanner. Any help to resolve this? Jython version used is 2.7.0 Traceback (most recent call last): File "<Home>\AppData\Roaming\BurpSuite\bapps\474b3c575a1a4584aa44dfefc70f269d\burp-ssl-scanner.py", line 145, in registerExtenderCallbacks scanAccuracy = projectConfig['scanner']['active_sca...

    1 Agent Answer    0 Community Answer
    Aug 09, 2018 08:02PM UTC
  • Retire.js not working

    Hi, The retire.js extension in Burp Suite Pro is not working. I do not see any feedback during passive scanning in either the "Target>Issue" or "Scanner>Issue activity" tabs. The firefox Retire.js plugin does show issues so I know it should show something. I just downloaded Pro with this plugin as one of the reasons. I do run on the newest Kali which has JRE versio...

    3 Agent Answers    3 Community Answers
    Aug 07, 2018 01:33PM UTC
  • failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse

    Hi everyone. I writing burp extender code using Jruby. and... come in error :( Plz help me... [ Error ] failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse [ Code line ] def createMenuItems(invocation) .... requestResponse = invocation.getSelectedMessages .... Blahblah~~ @callbacks.saveBuffersToTempFiles(requestResponse) # I think, error in this line ...

    1 Community Answer
    Aug 01, 2018 06:24AM UTC
  • Burp Extension Loading hangs

    Hi I'm trying to load some Burp extensions (Java/Jython), but the load hangs without any error or log messages. I'm using the latest version of Burp Pro 1.7.35, the extensions I'm trying to load are: HUNT scanner HUNT methodology show insertion points burp_vulners_scanner-1.1 The interesting point is that the HUNT extensions work with an older version of Burp Pro (1.7.21), ...

    3 Agent Answers    1 Community Answer
    Jul 18, 2018 09:13AM UTC
  • Automatically Change Response

    Hi, I am currently developing a Burp plugin in python and do have a problem for which I don't have a solution. I basically want to automatically change the response but I do have a plugin in between that decodes my binary. What I have achieved until now is that I see my decoded message as a new tab in the proxy and target view. I can also manipulate the response by intercepting it first a...

    1 Agent Answer    1 Community Answer
    Jun 27, 2018 02:23PM UTC
  • Burp upstream proxy settings and setHttpService

    Hello, I was wondering if you can help me with a few questions. I'm trying to dynamically set the upstream proxy depending on the current request and modify incoming response based on a set of rules. In that regards, I've a few questions. 1. Based on this answer (https://support.portswigger.net/customer/portal/questions/17143574-project-configuration-changes-aren-t-picked-up-dur...

    3 Agent Answers    4 Community Answers
    Jun 22, 2018 01:22PM UTC
  • Detection of outdated components

    Dear all, How can I know if a specific component is outdated and will be detected or not by BurpSuite? In specific I had a complaint from a customer, we did not detect that primefaces 5.x is vulnerable (CVE-2017-1000486).In burp-log I can see primefaces 5.x was in an server response. Does Retire.js help here? Best regards and thanks in advance.

    1 Agent Answer    1 Community Answer
    Jun 20, 2018 06:15PM UTC
  • Problem with burp extension to automate security checks of single sign-on

    Hello, I'm currently trying to develop (jython) extension to automate some work with single sign-on protocols (like oauth, saml etc.). The main idea how it would work is: - Check requests if it's an sso request - Determine which one it is - Perform some passive checks - Perform active checks which would lead to start a new chain of authorization with protocol and perform some atta...

    1 Agent Answer    0 Community Answer
    Jun 13, 2018 01:00PM UTC
  • Extensions class loading

    Hello, I was wondering if Burp supports class loading from extensions. What I am looking for is if an extension can be made available as an API and that API's classes be used from other extensions. Does Burp's API support this or can it be done using Java's ClassLoader? Does Burp use separate class loaders that isolate each extension? Any help is appreciated. Thanks, V...

    1 Agent Answer    0 Community Answer
    Jun 11, 2018 03:28AM UTC