Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Which Java?

    do i need to install Java SE Runtime (oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html) or Java for windows (java.com/en/download/windows_xpi.jsp?locale=en) to work with Extensions correctly? i see here that support suggested to use Java SE http://forum.portswigger.net/thread/1167/unable-load-extensions-bapp-store is there a difference between both and do i get any ...

    1 Community Answer
    Feb 14, 2015 08:31PM UTC
  • Browser repeater extansion failed to load

    Hi, I'm trying without luck to load "Browser repeater" extension. I'm doing this under 1.6.09 and 1.6.10 Burp Pro versions with jython-standalone-2.5.4-rc1.jar. I'm getting all the time the following error. Does anybody knows how that can be resolved? " org.openqa.selenium.WebDriverException: java.lang.NullPointerException Build info: version: 'u...

    1 Agent Answer    0 Community Answer
    Feb 10, 2015 01:37PM UTC
  • Extension which scans a predined list of urls

    Is there a current extension which will take a predefined list of URL's and scan them? I was writing my own extension and I was able to use sendToSpider(url) method to add my URL to the spider but I wanted to know if there a way where instead of sending this URL to the burp spider I can directly send it to the scanner i.e. tell burp to do a scan on this URL.

    0 Community Answer
    Feb 09, 2015 11:21PM UTC
  • Need more info on GUI controls, configuration storing and parameters' parsing for my Burp exten...

    Greetings. I'm trying to compose my first Burp extension, and stumbled upon some problems I haven't been able to resolve with google's help. I have to mention that I'm not so skillfull programmer, also, so I'm in search for simplest solution possible to complete the task (this extension is actually a meaningfull project, I need it asap to do my daily work). I use python a...

    2 Agent Answers    1 Community Answer
    Jan 25, 2015 11:10AM UTC
  • Directory guessing extension for the Scanner

    Is there any way to augment the scanner's capabilities to search through a list of directories that I specify? I know how to do this in intruder, but I want to be able to have this trigger automatically during a Burp Suite Scan. I looked at the 'insertion points' extension demo, but that just modifies a post parameter, whereas I want to modify the URL. Thanks in advance for...

    3 Agent Answers    4 Community Answers
    Jan 16, 2015 11:30PM UTC
  • Additional Scanner Checks Extension

    What is the context in which the Additional Scanner Checks extension decides whether or not a header needs the following properties. strict-transport-security x-content-type-options: no sniff X-XSS-protection Some sites I scan will come back with these findings and some will not. I have not noticed any distinguishable pattern of the sites that come back with these findings. (i.e) logon pag...

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 12:05PM UTC
  • Extension bugs

    Hi, Any tips for identifying extensions failing to meet Burp's level of quality? Right now I have java consuming all available CPU and looks like it's not going to recover. Considering how much extra work a crashed burp and losing results costs time for a busy consultant, the unofficial extensions do not justify the costs.. Is it possible for Burp to prevent an extension from...

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 11:57AM UTC
  • Load an extension headless

    Hi, I'm trying to build an easy scanner server, and need to configure Burp to scan in headless mode. As we don't have a graphical interface installed on this server, I have to do all things headless. I would like to load the carbonator BApp in the installation on my Debian 7.6 machine, but have no clue how to do this? I have copied the folder from my Kali box, and activated the ...

    4 Agent Answers    3 Community Answers
    Nov 28, 2014 11:35AM UTC