Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Thursday, November 4, 2010


  1. Any HTTP response within Burp can now be rendered in your browser, to avoid the limitations of Burp's built-in HTML renderer. This feature is accessed by selecting any item with a response, and choosing the "show in browser" item from the context menu. Burp then gives you a unique URL which you can paste into your browser (configured to use the current instance of Burp as its proxy), to render the response. The resulting browser request is served by Burp with the exact response that you selected (the request is not forwarded to the original web server), and yet the response is processed by the browser in the context of the originally requested URL. Hence, relative links within the response will be handled properly by your browser. As a result, your browser may make additional requests (for images, CSS, etc.) in the course of rendering the response - these will be handled by Burp in the usual way.

  2. The function to save Burp's state now includes an option to include only in-scope items. When working on a client engagement, this enables you to save only relevant items for archiving or sharing with colleagues. The new option is available in the save state wizard, in the automatic backup feature, and in scheduled tasks that save state.

  3. IBurpExtenderCallbacks now includes the following methods for loading and saving configuration:

    java.util.Map saveConfig()

    void loadConfig(java.util.Map config)

    Configuration information is handled as a map of name/value pairs. Any settings not specified in the Map will be restored to their default values. To selectively update only some settings and leave the rest unchanged, you should first call saveConfig to obtain Burp's current configuration, modify the relevant items in the Map, and then call loadConfig with the same Map.

  4. IBurpExtenderCallbacks now includes the following method for adding arbitrary items to Burp's site map:

    void addToSiteMap(IHttpRequestResponse item)

    This method allows extensions to write custom interfaces to import the output from other tools.

  5. IHttpRequestResponse now includes the following methods for accessing user-annotated comments in items belonging to Burp tools that support comments:

    java.lang.String getComment()

    void setComment(java.lang.String comment)

  6. Burp Intruder now includes a built-in payload list containing User-Agent strings for numerous browsers. This can be used for testing whether applications return different content to different mobile devices, etc.

  7. The Suite-wide options now include a default-off option to enable all supported cipher suites during SSL negotiation. This option is not normally necessary but may be useful when attempting to connect to unusually configured SSL stacks.

  8. This release fixes another source of UI instability when running on Mac. Soon, Burp is going to be so stable on this platform that it will prevent OSX itself from crashing.