Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Wednesday, June 12, 2013


This release contains various enhancements and bugfixes:
  • There is a new payload type in Intruder, which copies the value of the current payload at another payload position. You can also define processing rules to systematically derive one payload from another, rather than copying its literal value. This function is useful in cases where you need to submit the same payload in two locations, or where one parameter is derived from (e.g. a hash of) the parameter that you need to test.
  • You can define Proxy interception rules based on the listener port number, so you can e.g. prevent interception of all messages on a specific listener.
  • The IResponseInfo interface has two new methods: getStatedMimeType() and getInferredMimeType().
  • The memory overhead of saving and restoring state, and performing search operations, is reduced.
  • The Scanner no longer prompts the user for confirmation when an extension programmatically initiates a scan of an out-of-scope item.
  • The problem with superfluous whitespace characters appearing when text is copied from the Scanner advisory panel into another application has been resolved.
  • The CSRF PoC generator now properly escapes tag brackets when using the XHR method, to prevent any closing script tags that are required within the generated request message from breaking the PoC script.
  • Parameter matching between macro items now tolerates URL-encoding of parameter names when performing matching.
  • A bug where certain nonprinting characters were corrupted when loading Intruder payloads from a file has been resolved.
MD5: 2f0d5560ba63c02748b6cad2542a12e7
SHA256: 266c0c5eb5837f8fac32ce5343278a181f191e72b36c619d557ed351c7d5aad9