Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Stop scanning form API call

    Hi, Is there any API to stop scanning and start scanning. I want to stop scanning when session is invalidated and resume on proper sessions. How can I achieve this. Regards, Sid

    1 Agent Answer    0 Community Answer
    Aug 24, 2016 07:10AM UTC
  • Spider treating active scan URLs with injected parameter queries as new urls to spider.

    I built an extension that successfully spiders the application, but I have a problem where when active scanning starts in earnest, eventually it starts adding injected URLs into the scanning scope, thus duplicated the amount of work that needs to be done. I cannot find a configuration to shut off the behavior of identifying a URL with query params as a unique URL. I know that OWASP's ZA...

    1 Agent Answer    0 Community Answer
    Aug 16, 2016 04:08PM UTC
  • Load Extensions Headless

    Hi, Can anybody tell me if loading an extension headless is still not possible as per https://support.portswigger.net/customer/portal/questions/9700725-load-an-extension-headless? I really need that to setup automatic scans. Anybody else with this problem or possibly a solution for it? Thanks in advance

    1 Agent Answer    0 Community Answer
    Aug 12, 2016 12:43PM UTC
  • Problem with IScanIssue getHttpMessages()

    I have users reporting issues with an extension that was working fine in 1.6x but is having a problem in 1.7.04 (I did not try with any earlier 1.7x release). The root cause is that the IScanIssue getHttpMessages() method appears to always return an empty array. Is this a known issue? I have a simple extension that can reproduce the problem if you would like to see how I am using the IScanIssue in...

    2 Agent Answers    2 Community Answers
    Aug 06, 2016 12:33AM UTC
  • SQLPy Extension

    Hi I cannot find the START SCAN button on the new version of SQLPy extension. Please help.

    2 Agent Answers    1 Community Answer
    Jul 29, 2016 03:00PM UTC
  • Modifying message before intercepting

    Hi, I'm writing an extension which uses processProxyMessage() to modify the targets and bodies of various requests in various ways. For certain requests, I use message.setInterceptAction(ACTION_DO_INTERCEPT) to have the request intercepted by Burp's proxy gui. My issue is that when the request appears in Burp's proxy gui, it is being sent to the original target, rather than my...

    2 Agent Answers    0 Community Answer
    Jul 25, 2016 06:23PM UTC
  • processmessage called multiple times

    Hi, I'm working on an extension that uses the IProxyListener's processProxyMessage, and I've noticed that processProxyMessage is seemingly called 3 times for each request (not response, specifically request). Is there a reason for this? Thank you

    1 Agent Answer    0 Community Answer
    Jul 19, 2016 05:40PM UTC
  • Swagger Parser and Wsdler improvement

    Hi Portswigger, I don't know if you already got a similar request. I would love to see a Burp Extension similar to Wsdler but for Swagger files (REST API testing) released. This would avoid having to chain Burp (and therefore make life easier for us pentester) to SOAP-UI in order to extract/parse and visualise the different methods call which can be sent to an API. Moreover, right now, w...

    1 Agent Answer    4 Community Answers
    Jul 14, 2016 02:26PM UTC
  • Remove URL from Scope

    Hi, Is there any way to remove a URL from the list of target scopes? (Not excluding a url, just removing it from the include list) Thank you

    2 Agent Answers    1 Community Answer
    Jul 08, 2016 05:57PM UTC
  • How to send a request with different cookie value

    Hi, I'm a noob and I would like to create an extension that after selecting a previous request allows to send automatically a new request with a different value for a certain cookie. Is this possible? If yes which API's libraries should I use? Is there an example that I could use as a starting point? Thanks

    0 Community Answer
    Jul 03, 2016 11:31AM UTC