Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • BURP WS-Security SOAP Webservices security testing

    I see the raw request with junk data for one of the operation in Wsdler. I added the Send to Intruder for the request in wsdler operation and when I navigate to Intruder, I encountered an error.Can you please suggest the way how I can add the keystore to make the encryption and decryption successful and how to verify the security of the web services?

    1 Agent Answer    0 Community Answer
    Jan 24, 2018 07:43PM UTC
  • API proxy show as edited request

    Using the "processHttpMessage" method I'm able to edit a request. How can I make this changed request show up in the proxy as an edited request (just like when a request is edited with proxy intercept)?

    1 Agent Answer    0 Community Answer
    Jan 23, 2018 10:58AM UTC
  • CWE field in IScanIssue

    I've noticed that XML exports of scan issues now include a <vulnerabilityClassifications> field that contains CWE information: <vulnerabilityClassifications><![CDATA[<ul> <li><a href="https://cwe.mitre.org/data/definitions/200.html">CWE-200: Information Exposure</a></li> </ul>]]></vulnerabilityClassifications> Noth...

    1 Agent Answer    0 Community Answer
    Jan 12, 2018 09:31PM UTC
  • TSL 1.2

    Hi All, thats my first post on Burp forum! :) I'm here for a noble cause I guess: trying to give TSL 1.2 support to the glorious (and mistreated) Windows XP. It seems infact the only way to do that, is to configure the system proxy, and Burp Proxy seems very good at that... ;) Unfortunately there is a problem: it all works only when HTTP/S Responses come within seconds. If the Response d...

    2 Agent Answers    2 Community Answers
    Jan 08, 2018 08:27PM UTC
  • Burpsuite Pro v1.7.30

    BApp Store - Attack Selector extension - Description has a misspelling: "Qiuick scan"

    1 Agent Answer    0 Community Answer
    Jan 02, 2018 02:49PM UTC
  • Python Extension don't load in Burp on Fedora

    I've create test python extension: <pre> from burp import IBurpExtender class BurpExtender(IBurpExtender): def registerExtenderCallbacks(self, callbacks): # your extension code here return </pre> <pre> java.lang.NoClassDefFoundError: com/google/common/collect/MapMaker </pre> I've installed jython using Fedora installer and pu...

    2 Agent Answers    2 Community Answers
    Dec 21, 2017 08:33AM UTC
  • Regarding Burp Extensions

    Hi Team Currently I am using burp for sliverlight application which is developed in .NetFrame. .I am able to see the requests call in encrypted format which were developed in SOAP. Also I am unable to repeat the calls using repeater as it says session out etc... Can you please suggest if there are any plugins available for Sliverlight application tests Regards Prasad

    1 Agent Answer    0 Community Answer
    Dec 18, 2017 07:00AM UTC
  • Nested message editors

    Are there any artificial limitations regarding message editor nesting? By registering a message editor factory that creates instances of the class with the source code below, I expect it to act as as "proxy" and the resulting UI should be the same as with the original editor. This works fine if I just create it as a child of an ITab for example. However if I do this like below, invoking ...

    2 Agent Answers    1 Community Answer
    Dec 07, 2017 12:30PM UTC
  • IExtensionHelpers.urlDecode() not handling UTF-8

    I have an input string which contains an ENDASH encoded using UTF-8 as: %E2%80%93 When I decode that in my extension with IExtensionHelpers.urlDecode(String input) I get: – However, the Java URLDecoder.decode(String input, "UTF-8") produces the proper ENDASH: – What encoding is assumed internally by IExtensionHelpers.urlDecode()? Could the API be modified to allow ...

    4 Agent Answers    3 Community Answers
    Nov 30, 2017 12:34AM UTC
  • Burp Store and burp app validation

    Hi, Regarding the burp store, do you do any check regarding the content of the burp extension? How can we guarantee that there are 100% safe and no traffic will be sent to 3rd party? Appreciate your response. Thank you.

    1 Agent Answer    1 Community Answer
    Nov 28, 2017 09:41AM UTC