Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Counting the requests from extensions

    Hi, I want to ask - when I use some extenders (e.g. Scan Check Builder), when I remove all the Active scan rules, apart from those coming from extensions, and I only have a single extension running. In the session tracer I can see quite a big traffic, however in the Scanner - Scan queue I only see 2 requests being use. I suppose this is done by active scan natively. My question is - is it possibl...

    2 Agent Answers    0 Community Answer
    Jun 07, 2018 12:00PM UTC
  • How to scan all urls of a webpage from command line.

    Hi Team, I have used carbonate to san url from the command line where i can pass one url at a time and it scans the url and gives me the HTML report. Can i scan all the urls of a webpage from command line at a time. Please help. Thanks and Regards, Anjani.

    3 Agent Answers    2 Community Answers
    May 31, 2018 09:53AM UTC
  • Odd inconstancy in extension behaviour

    Hello, I wrote an extension that fails for one of my user throwing an exception: --- Traceback (most recent call last): File "E:\BurpSuite Settings and Extensions\Extenders\OurExtensions\Radar\main.py", line 220, in registerExtenderCallbacks self.includeUI = BtnList("includes", self._callbacks, self) File "E:\BurpSuite Settings and Extensions\Extenders\OurE...

    1 Agent Answer    1 Community Answer
    May 30, 2018 09:30AM UTC
  • Attack selector always queues custom attacks

    Hello there, I'm trying to figure out how to use the Attack selector extension. After creating a custom attack. I select from the context menu somewhere in Repeater/Proxy/...etc and it goes with status "queued" but does nothing after that. I have read the note that says I shouldn't use the normal scanner or mess with the configuration .. etc; so I started a clean insta...

    2 Agent Answers    1 Community Answer
    May 23, 2018 11:21AM UTC
  • Can't modify scanner issues context menu

    When I try to add a context menu entry to the scanner issues context menu, nothing shows up, it also does not return a InvocationContext when I right click on the scanner issues.

    2 Agent Answers    2 Community Answers
    May 15, 2018 07:40AM UTC
  • Generating Customised Intruder Attacks from an Extension

    Hi, I'm trying to create a burp extension which generates customised intruder attacks. I'm aware that I can create attacks with some level of control (https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#sendToIntruder(java.lang.String,%20int,%20boolean,%20byte[],%20java.util.List) ), however, is there any way to set options such as the attack type, number of thr...

    2 Agent Answers    1 Community Answer
    May 05, 2018 06:37PM UTC
  • Active scanning sorting features and insertion points fine control.

    Hello, With the aim of automating Burp scan in a development cycle, I wish to get the proxy history of a specific Burp project and launch an active scan on each items. To do so I was wondering if you would make the "remove duplicates" function available in the API (the same as in the menu when launching active scan on a bulk of items) ? Secondly, is there a way to have more fine...

    1 Agent Answer    0 Community Answer
    Apr 24, 2018 04:58PM UTC
  • API function to change Response on the fly

    Hi I'm aware of Match and Replace feature to change response on the fly. But is there a way to do it from plugin API ? I'm looking at potential API https://portswigger.net/Burp/extender/api/burp/IHttpRequestResponse.html#setResponse(byte[]) Please correct me if I'm wrong.

    1 Agent Answer    0 Community Answer
    Apr 16, 2018 06:47AM UTC
  • Giving some input parameters to A Burp Suite Extension !..

    Hello Burp, I wrote a new Burp Suite extension and I can load it to Burp and work with Burp. But I want to give a parameter to the extension so this extension can use this parameter while its running. How it is possible? I wrote extension with Java. I guess that there can be some function to create a text box at Details tab which is at Extender tab, and so user can enter parameter to this t...

    1 Agent Answer    0 Community Answer
    Apr 15, 2018 03:03PM UTC
  • AMF

    What is the current state of AMF support within Burp and Burp plugins? Searching through old support post most AMF support seems very outdated. I'm using Pro 1.7.30. I've tried Blazer. It throws a null pointer exception when doing just about anything. I tried the plugin from NetSPI (https://github.com/NetSPI/Burp-Extensions/tree/master/BurpAMFDSer/New_APIs/executables). Loa...

    1 Agent Answer    3 Community Answers
    Apr 06, 2018 11:09PM UTC