Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Need more info on GUI controls, configuration storing and parameters' parsing for my Burp exten...

    Greetings. I'm trying to compose my first Burp extension, and stumbled upon some problems I haven't been able to resolve with google's help. I have to mention that I'm not so skillfull programmer, also, so I'm in search for simplest solution possible to complete the task (this extension is actually a meaningfull project, I need it asap to do my daily work). I use python a...

    2 Agent Answers    1 Community Answer
    Jan 25, 2015 11:10AM UTC
  • Directory guessing extension for the Scanner

    Is there any way to augment the scanner's capabilities to search through a list of directories that I specify? I know how to do this in intruder, but I want to be able to have this trigger automatically during a Burp Suite Scan. I looked at the 'insertion points' extension demo, but that just modifies a post parameter, whereas I want to modify the URL. Thanks in advance for...

    3 Agent Answers    4 Community Answers
    Jan 16, 2015 11:30PM UTC
  • Additional Scanner Checks Extension

    What is the context in which the Additional Scanner Checks extension decides whether or not a header needs the following properties. strict-transport-security x-content-type-options: no sniff X-XSS-protection Some sites I scan will come back with these findings and some will not. I have not noticed any distinguishable pattern of the sites that come back with these findings. (i.e) logon pag...

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 12:05PM UTC
  • Extension bugs

    Hi, Any tips for identifying extensions failing to meet Burp's level of quality? Right now I have java consuming all available CPU and looks like it's not going to recover. Considering how much extra work a crashed burp and losing results costs time for a busy consultant, the unofficial extensions do not justify the costs.. Is it possible for Burp to prevent an extension from...

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 11:57AM UTC
  • Load an extension headless

    Hi, I'm trying to build an easy scanner server, and need to configure Burp to scan in headless mode. As we don't have a graphical interface installed on this server, I have to do all things headless. I would like to load the carbonator BApp in the installation on my Debian 7.6 machine, but have no clue how to do this? I have copied the folder from my Kali box, and activated the ...

    4 Agent Answers    4 Community Answers
    Nov 28, 2014 11:35AM UTC