Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Design of Active Scanner plugin vs InsertionPoints

    Hi all, I'm new to extending Burp and I wanted to add an active scanner plugin for XXE injection. Therefore I want it to take all post requests, change the content type to text/html and perform some xml entity queries for existing files. Problems I face : 1. I want this plugin to send one request url that supports POST. ( no matter how many parameters ) I tried to check for INS_PA...

    1 Agent Answer    0 Community Answer
    May 15, 2015 10:52AM UTC
  • extender

    So this 'issue' has been happening to me for the last few versions of burp suite pro. right now I am running the latest .18 version. In the extender tab i have the option to automatically reload extensions on startup selected. when i start up burp suite pro later on the extensions will load but for some, (randomly) it will load multiple same extensions. (ie. it will sometimes load 3 sqli...

    2 Agent Answers    1 Community Answer
    May 12, 2015 06:40AM UTC
  • Is it possible to get the request that originated a response from a MessageEditorTab?

    Hi, Is it possible to get the request that originated a response from a MessageEditorTab? Im only adding the tab for the responses, I want to search a log file based on a request header and paste the log entry in the response message editor tab. I can see you can access the response (content) from there but not the request, is anyway to do this? My current approach is to add the reques...

    2 Agent Answers    1 Community Answer
    May 07, 2015 11:19AM UTC
  • Sqlite-jdbc and jython

    Hello, I am trying to do a Python Burp Suite extension (with jython 2.7) and I want to use sqlite to save some data. I have some code examples to use "sqlite.JDBC" working properly with "jython" through the following commands: - export CLASSPATH=/tmp/sqlite-jdbc-3.7.2.jar:$CLASSPATH - jython example.py I have a problem when I try to use this examples like Burp Suite ...

    1 Agent Answer    0 Community Answer
    Apr 23, 2015 03:45PM UTC
  • Burp extension - OS Scanner

    Just wondering if there are any type of extensions that may report OS vulnerabilities at all.

    1 Agent Answer    0 Community Answer
    Apr 21, 2015 06:13PM UTC
  • Burp plugin that does not launch Burp GUI

    We want to write a plugin that runs certain Burp functions, but does so in the background, and without launching the Burp GUI. Is there a way to suppress the GUI while executing certain functions (e.g., Scan)? Please advise. Thanks for any assistance!

    1 Agent Answer    1 Community Answer
    Apr 16, 2015 09:06PM UTC
  • Use "Extract" UI in Plugin

    Hello, Is it possible to integrate the existing Intruder "Define grep extract item" UI (or the Macro::Configure Item "Define Customer Parameter" UI) as part of an extension? I read through the API documentation but could not find a place where this might be exposed. Thanks, Jon

    1 Agent Answer    1 Community Answer
    Mar 10, 2015 02:33PM UTC
  • Parsing AMF3 - Burp

    Hi, I have a Flex app that is sending data using AMF3. I can see the contents in the AMF decode just fine. The problem now is that one of my request parameters is a Byte array. I can edit it in Raw mode, but if the length is increased/decreased by even a single byte - it messes up my request. And I can't apparently edit the Byte array contents using the AMF3 decoder - I can edit other fields...

    1 Agent Answer    1 Community Answer
    Mar 05, 2015 03:55PM UTC
  • Jira integration in the Scanner tool

    I would love to see an integration with Jira bugtracking. This way the scanned vulnerabilities can be quickly documented and sent for mitigation. The creation of the issue would preferably include the description and mitigation from the scanner and the full request and response. A screenshot of the rendered webpage would also be a nice as an attachment. Andy

    2 Agent Answers    1 Community Answer
    Mar 04, 2015 02:36PM UTC
  • exitSuite

    Can someone provide some example code for stopping burp suite programmatically using exitSuite as a Burp extension?

    2 Agent Answers    1 Community Answer
    Feb 25, 2015 06:34PM UTC