How do I?

If you've got a general question about using Burp Suite, then this is the best place to ask.

Create new post

View all

Feature Requests

Burp's pretty great already, but could we make it even better? Let us know.

Create new post

View all

Burp Extensions

If your query involves a Burp Suite extension (BApp), then this is the forum for you.

Create new post

View all

Bug Reports

Found a bug in Burp Suite? This is the place to let us know. Our devs will thank you.

Create new post

View all

Latest posts

Incorrect work of Passive Scan Issues

I began to actively use extensions that analyze content in a passive mode, and noticed that in the latest version (and maybe earlier) there is a problem with creating an issue. For example, the Software Version Reporter...

Community version

Please advise can use the community version for my testing I've downloaded one but it it's not intercepting just wanted to see if I can use for my daily work and buy a full version later.

HTTP request smuggling, confirming a TE.CL vulnerability via differential responses

Hi I understood the principle of the lab and planned to test it. This lab environment should theoretically be TE.CL. First, I used this detection packet ...... Transfer-Encoding: chunked Content-Length:...

need scroll feature in "Action"

when we use multiple extensions then in Proxy tab, whenever we click on Action button then scroll feature is not there so that we can not able to use all features provided by Action button.

Local File Inclusion and Remote code execution request

Good evening portswigger. I recently started learning ethical hacking and bug bounty not too long ago. I have finished the The web application hackers handbook and I'm about half way through your web security academy and I'm...

Embedded browser fails to start from docker container

Hello, I am trying to run the embedded browser from a fedora docker container as a non-root user, however I am failing to do so. I understand clearly that the sandbox feature is not possible on a container due to...

trouble installing

Hello, Trying to run Burpsuite on Kali (Pi4b, Cortex-A72), running the latest Open-JDK and I keep running into issues. If I run the JAR i get: "invalid file (bad magic number): Exec format error" and if I run the...

Intruder---xss playload add-ons

Hello this is Olek I would like ask about intruder scanner.If I scan some website looking for some xss.I have about 1000 payload. There is some add-ons for burp to check which payload suit for xss. for example <script>...

Compare site maps not displaying contents of map 2's request and response

I am trying to use Burp's compare site maps feature to test authorization issues for a client. The request/response pair of map 2 is not displayed. The request was successfully made, which is reflected in the fact that...

Lab: Targeted web cache poisoning using an unknown header

I was trying to solve this lab by injecting the 'alert(document.cookie)' directly in the X-Host header as: 'X-Host: domain"></script><script>alert(document.cookie);</script>' and it was working, it was executing the alert in...

Burp Suite Support Center

Your source for help and advice on all things Burp-related.