Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • NullPointerException while attempting passive or active scan from extension

    Hi Team - I am using Burp Suite Pro v1.6.36 and trying to automate passive and active scanning on incoming requests via Burp proxy. I get a NullPointerException while attempting to perform a passive or active scan and further processing seems to get skipped (i.e. adding to active scan queue, in case of active scan). However, in Burp suite UI, I see some issues getting captured as part of the ...

    1 Agent Answer    1 Community Answer
    Feb 02, 2016 04:44PM UTC
  • AMF Deserialization Dispaly Tag

    How to configure to see the AMF Deserialization tag in request and response. Refer :- But it's showing error while I add it to burp extensio.

    1 Agent Answer    0 Community Answer
    Feb 02, 2016 02:33PM UTC
  • HTTP/2 - Upgrade Header filtered

    Hi, I was experimenting with curl, sending HTTP/2 requests and realised that Burp is filtering/replacing the HTTP/2 Upgrade header since version 1.6.33. Therefore no HTTP/2 communication is established with the server. I know that Burp is not supporting HTTP/2 yet and the HTTP/2 frames cannot be decoded in Burp, but is it possible to get the original, unfiltered content if a HTTP/2 request is s...

    1 Agent Answer    1 Community Answer
    Jan 28, 2016 05:37AM UTC
  • Session handling in Burp extensions

    Hi, I am currently implementing a specific attack with a Burp extension. Before I start the attack, I need to delete all cookies for the target domain. The attack consists of several HTTP requests. For these requests I need a session handling. I have been using Burps cookie jar by enabling the cookie jar for extensions (under Options->Sessions). I delete the cookies for the target domain...

    2 Agent Answers    0 Community Answer
    Jan 25, 2016 01:18PM UTC
  • Unable to intercept the web socket requests in v1.6.34

    Hi, I was able to intercept & retrieve the web socket traffic in burp v1.6.31. But same traffic I'm unable to retrieve in v1.6.34. Could you please help me to resolve this issue. Thanks & Regards, Sharath

    2 Agent Answers    0 Community Answer
    Jan 21, 2016 01:43PM UTC
  • Save and restore state of an extension

    Hi! I'm working on a "Save and Restore state" for a Burp Suite plugin. The state must contain also some IHttpRequestResponsePersisted. My idea was to save host, port, protocol, request bytes and response bytes and then restoring in this way: httpService = buildHttpService(host, port, protocol) IHttpRequestResponse reqRes = makeHttpRequest(httpService, request) reqRes.setResp...

    1 Agent Answer    0 Community Answer
    Jan 01, 2016 10:54AM UTC
  • Bapp Extension Signature

    When installing a Burp extension from the Bapp Store I see a "BappSignature.sig" file is part of the install. I assume this is a Bapp Store generated digital signature of the extender package and is checked by Burpsuite when installed. But I cannot find any documentation of this feature. Is my assumption correct? Thanks

    1 Agent Answer    0 Community Answer
    Dec 30, 2015 03:21PM UTC
  • Extract Response Message Body

    Hey , I am making my first extension using Java in NetBeans, and I need to extract the message from the Response so that I can perform my operations over it. But after checking the examples and other javadocs , I was unable determine how to do it. Kindly, let me know how can I extract the message from the response??

    1 Agent Answer    1 Community Answer
    Dec 30, 2015 09:29AM UTC
  • Customizing my TAB

    Hey, I was writing my first extension with the aim to encrypt the selected responses to md5/sha1/etc based on user selection. Based on the custom logger extension example in the blog, I made my new tab with display and all but I am not able to control the GUI Feature of the tab. JTabbedPane tabs = new JTabbedPane(); requestViewer = callbacks.createMessageEditor(BurpExten...

    1 Agent Answer    1 Community Answer
    Dec 29, 2015 09:58AM UTC
  • start burp remotely with Remote procedure call (windows)

    Hi, We need to start burp on a windows server remotely using Remote procedure call. We also need the burp started with an extension loaded. Since we are not able to specify an extension on command line, we start burp locally, load the extension, and then exit. Hope burp will be started with extension loaded when we use Remote procedure call. when we pragmatically start burp from another s...

    2 Agent Answers    2 Community Answers
    Dec 24, 2015 02:58AM UTC