Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Thursday, January 30, 2014


This release adds support for WebSockets to the Proxy tool. You can now view, intercept and modify WebSockets messages in the same way as regular HTTP messages:

There is a new Proxy history tab for WebSockets messages, with the same capabilities as the HTTP history (filter, sort, search, etc.):

You can configure whether incoming and outgoing WebSockets messages are intercepted at Proxy / Options / Intercept WebSockets Messages.

The Scanner's support for nested insertion points, which was introduced in the previous release, has been updated:
  • Nested data in URL-encoded query string format is now recognized, and insertion points are created for each parameter value within the nested data. This is only done if the nested query string contains at least two parameters, so as to avoid false positive in common cases where a parameter value happens to contain the = character.
  • Highlighting of relevant syntax in reported Scanner issues is now fully precise within nested insertion points, and picks out the exact item of input that Burp modified in order to identify the issue.
The Scanner reporting function now has an option to embed report images inline within the generated HTML. This works on all recent browsers, but you can revert to the old behavior (of images stored in a subdirectory) if you prefer.

There is a new function to report anonymous feedback about Burp's performance. This will help us improve Burp by obtaining technical information about problems within Burp. The feedback does not identify the user, but you can turn this function off at Options / Misc / Performance Feedback.

Various bugs have been fixed.

MD5: b80c61d45054e483870f75fff35d0c56
SHA256: 52903a758d6714aedb90a45f58a477df40288be76ae0f1961510c8755a4ef903