Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Adding GetSiteMap() to Carbonator

    I'm attempting to add to the carbonator extension a method for extracting the sitemap URLs into a text file. The code I have written so far is below, and the output I get is 'array(burp.IHttpRequestResponse)'. I know I need to call the IHttpRequestResponse interface somehow to tap into the array. I import it from burp at the beginning of the code, but when I add that call to the Bur...

    2 Agent Answers    3 Community Answers
    Aug 31, 2015 03:53PM UTC
  • burp hangs while shell command completes

    Hello, I have an extension which calls a shell command that takes a bit to complete. After invoking this from the context menu, burpsuite hangs and resumes after the command completes. I have tried using threading to avoid the hang but have not had any luck. The extension is written in python and I am using Popen and communicate because I need certain tasks to wait until the command completes. A...

    1 Agent Answer    0 Community Answer
    Aug 31, 2015 01:17PM UTC
  • The scanner report size is not consistant for the same web site.

    Hi we have a job (scheduled to run once a day) that invokes BURP (with carbonator extension) through cammand line. this setup is been working for quite a while. when we look at scanner reports we see that some days it is 16MB other days it is 11MB or something else. we want to know why there difference in the repoted issues (or generated report size) for the same website.

    2 Agent Answers    1 Community Answer
    Aug 12, 2015 10:13AM UTC
  • How Does Burp Handle Responses?

    Hi, I hope this is not a duplicate question, but I couldn't find the response to it. I wonder if it is worth checking if the response I'm analyzing for the PDF Metadata Extension is actually a PDF file before reading the response. Does Burp read the whole answer with response = self._requestResponse.getResponse() already? If yes, is the impact on resources high enough that it is...

    1 Agent Answer    0 Community Answer
    Aug 06, 2015 08:24AM UTC
  • How to send a post request?

    I read the document and know that we could use `makeHttpRequest` to send request. I've tried that if I used `PARAM_URL`, it success. I've read this thread before: http://forum.portswigger.net/thread/1571/send-post-requests-burp-extension However, if I change it to `PARAM_BODY`, it failed. My testing web server works well, for example: ``` $curl --data "title=hi&bo...

    1 Agent Answer    1 Community Answer
    Aug 04, 2015 02:31AM UTC
  • Re-writing responses

    I am trying to write my first extension to add a csp header to the response. I have found several articles about adding headers to the requests but none for responses. This if my first try, which does not work. Any pointers to fix this would be appreciated. Thanks! def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # determine what tool we would like to pass tho...

    1 Agent Answer    0 Community Answer
    Jul 29, 2015 09:02PM UTC
  • Running automated scans with Carbonator

    We installed Carbonator from within the Burp scanner under the BApp store and ran the following command for as a test: java -jar Xmx2g c:\Users\Desktop\Burpsuite_pro_v1.6..21.jar https://www.google.com. We received the error message: Error occurred during initialization of VM Could not reserve enough space for 2097152KB object heap. The Burp scanner is running a VM workstation with 4GB of mem...

    3 Agent Answers    2 Community Answers
    Jul 29, 2015 02:19PM UTC
  • How to transfer some domain’s requests to my server?

    I use Burpsuite as a proxy, and I want to collect all the requests of some domain, then send these requests to my server . For example, I want to collect all the requests of [target.com]. When a request like below come through Burpsuite: ### request begin ### http://target.com/post.php?t=12 title=hi&content=thx ### request end ### To collect these requests, I created a web server i...

    3 Agent Answers    4 Community Answers
    Jul 29, 2015 09:11AM UTC
  • Issues running any Ruby dependent extension

    I'm trying to run Buby on my MacBook Pro Burp Pro. When trying to load the extension, I get the following error: LoadError: no such file to load -- pp require at org/jruby/RubyKernel.java:1040 (root) at /Users/peter/Desktop/work/tools/burp/bapps/bd453f3f4b364b9fba4e40e1eb6e8fb0/lib/buby.rb:1 require at org/jruby/RubyKernel.java:1040 (root) at /Users/peter/Desktop/work/tool...

    1 Agent Answer    2 Community Answers
    Jul 24, 2015 03:32PM UTC
  • Adding POST request to site map also adds a GET for same URL

    I have a simple class that implements IHttpRequestResponse and IHttpService. I use it to construct a IHttpRequestResponse object that is ultimately added to the site map using IBurpExtenderCallbacks#addToSiteMap. When instantiate my the class with a POST request and add it to the site map, a GET request to the same URL is added as well. Any idea what causes that? code snips here: http://git.io/...

    1 Agent Answer    0 Community Answer
    Jul 16, 2015 08:48AM UTC