Friday, October 14, 2016


This release considerably enhances Burp Scanner's logic for reporting issues with cross-origin resource sharing (CORS) and introduces three new issues:
  • CORS: arbitrary origin trusted
  • CORS: all subdomains trusted
  • CORS: unencrypted origin trusted
There are many subtleties with CORS configuration that are not widely understood but can lead to catastrophic vulnerabilities, as described in today's blog post. This update puts all of the knowledge from this research into Burp so that it can accurately report all of the different problems that can arise with CORS.
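The three conditions listed above can be checked offline against an origin-validation function before it is deployed. The following is an added example, not PortSwigger's code and not a description of how Burp Scanner detects these issues. The `auditCorsPolicy` helper, the three policy functions and all host names are constructed for illustration, and the reading of each issue name (any origin, any subdomain, or a plain-http origin being echoed in `Access-Control-Allow-Origin`) is this example's assumption.

```javascript
// Added example. A "policy" is a function (origin) => boolean: true means
// the server would echo that Origin in Access-Control-Allow-Origin.
// All host names below are constructed.
const ISSUE = {
  ARBITRARY: 'CORS: arbitrary origin trusted',
  SUBDOMAINS: 'CORS: all subdomains trusted',
  UNENCRYPTED: 'CORS: unencrypted origin trusted',
};

function auditCorsPolicy(policy, siteDomain, intendedOrigins) {
  // An origin on an unrelated domain must never be trusted.
  if (policy('https://unrelated-site.example.net')) {
    // Once any origin is accepted, the narrower findings are implied.
    return [ISSUE.ARBITRARY];
  }
  const findings = [];
  // A subdomain label nobody provisioned: accepting it means wildcard trust.
  if (policy(`https://unprovisioned-audit-label.${siteDomain}`)) {
    findings.push(ISSUE.SUBDOMAINS);
  }
  // Plain-http variants of the origins the site intends to trust.
  const httpProbes = intendedOrigins.map((o) => o.replace(/^https:/, 'http:'));
  if (httpProbes.some((o) => policy(o))) {
    findings.push(ISSUE.UNENCRYPTED);
  }
  return findings;
}

// Constructed policies: two weak ones and an exact-match allow-list.
const reflectAny = () => true;
const wildcardRegex = (origin) =>
  /^https?:\/\/([a-z0-9-]+\.)*example\.com$/.test(origin);
const ALLOWED = new Set(['https://example.com', 'https://app.example.com']);
const exactAllowList = (origin) => ALLOWED.has(origin);

function runAudit() {
  const intended = [...ALLOWED];
  return {
    reflectAny: auditCorsPolicy(reflectAny, 'example.com', intended),
    wildcardRegex: auditCorsPolicy(wildcardRegex, 'example.com', intended),
    exactAllowList: auditCorsPolicy(exactAllowList, 'example.com', intended),
  };
}

console.log(runAudit());
```

Only the exact-match allow-list of https origins comes back with no findings; the regex policy is flagged for both subdomain and plain-http trust.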