How do I?

If you've got a general question about using Burp Suite, then this is the best place to ask.

Create new post

View all

Feature Requests

Burp's pretty great already, but could we make it even better? Let us know.

Create new post

View all

Burp Extensions

If your query involves a Burp Suite extension (BApp), then this is the forum for you.

Create new post

View all

Bug Reports

Found a bug in Burp Suite? This is the place to let us know. Our devs will thank you.

Create new post

View all

Latest posts

Project Override Upstream Proxy Servers - Autopopulating and causing infinite proxy loop

I'm having an issue when I try to proxy chain to Fiddler in a corporate environment. I had previously used Fiddler to handle PAC rules to authenticate to outbound web proxy server (NTLM) for external assets and direct...

Bug causes Request Smuggling False Positive

I noted a bug in the request smuggling vulnerability claims. Two requests are quoted, one with a request and a response. The second is provided with a request and no response. The second lacks the two CRLF's required to...

Dynamic analysis - Cross-site scripting (DOM-based)

After scanning my application I have Cross-site scripting (DOM-based) reported, details below: Data is read from input.value and passed to jQuery.replaceWith. The source element has id BasicData_CertificateIssueDate and...

SQL INJECTION

I GOT AN ERROR(INTERNAL SERVER ERROR) WHILE SOLVING THESE CHALLENGES EVEN AFTER SEEING THE SOLUTIONS KINDLY PLEASE HELP ME 1)SQL injection attack, querying the database type and version on MySQL and...

Automating Burp Pro - docker issues (Activation & REST API availability)

Hi, I'm attempting to automate Burp licensing and run Burp with the REST API in headless mode via a Docker container. This is how I'm invoking Burp: "java -Djava.awt.headless=true -jar scanners/burp/burpsuite_pro.jar...

Burp hangs when using http request smuggler

Hello team Burp get hanged when Using request smuggling extension Here is the youtube video https://youtu.be/V3IHU8MDTQA

Lab: Modifying serialized data types

I have a problem with this perticular lab. I've followed the solution as well and still cannot access the admin account. I have a firefox web browser. Pasted in this in the cookies by pressing...

Requests showing -1 status and response length

Requests not returning any response after executing. When i installed logger++ , it shows me Requests showing -1 status and response length.

getProxyInterceptionEnabled() ?

Hello, For an extension I'm developing, I'd like to have the getter counterpart of setProxyInterceptionEnabled(), that would return either the proxy is enabled or not. I'm not able to find it anywhere, neither another...

Renaming Configuration name

Hi, I would love to retain old name of Configuration I chose prior to editing, or being able to set a new one. When I create an Audit configuration like "Audit only parameters", but I want to tweak it on-the-fly (e.g. by...

Burp Suite Support Center

Your source for help and advice on all things Burp-related.