Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Tuesday, December 12, 2017


This release adds new granular configuration of scan issues:

You can select issues by scan type, and active issues are now subdivided into light, medium, and intrusive, based on the nature of the scanning activity involved in finding them.

You can also select individual issues. Whereas previously, you could select broad areas of scanning activity (such as "server-side code injection"), you can now select each issue individually ("PHP code injection", "Perl code injection", etc.).

If you select individual issues, you can also select the detection methods that are used for some types of issues, using the context menu:

This gives you highly granular control of the checks that are performed by Burp Scanner, and lets you create customized configurations for all kinds of specific purposes.

There are various other minor enhancements:
  • A "cancel" button is now shown during long-running filter updates.
  • There is a new option at Project options / SSL / SSL Negotiation to disable SSL session resume.
  • The "Copy as curl command" function no longer ignores any request headers. In older versions of curl, attempting to set some headers was ignored, but this is no longer the case.
  • A bug that caused automatically added SSL pass through entries not to appear in the UI config has been fixed.
MD5: 2d415e17f8bd99da3eb13a24b49bfba2
SHA256: e23cea82a18a1802ee0a9b95e6f4c4252cb42d02814296c438fc51a4e427c417

MD5: b380b4b12d1fec74fb7543c173b41b88
SHA256: abca4f8aaaf07b58692f3b12c5b3dd2e1d3e6e655c17691f99644bf799465f4d

MD5: 7c574f9cdb533b9e7e8c067d8c106db7
SHA256: 71b6f074e5c591247f043286e4b1b3a236b151c75ab7baae475c87d8485ef759

MD5: e75a5536122a2f5bb885fb8993e0ec88
SHA256: 9613c3bdfe53a17c2a0b3140aa9da78fbed6aa0e7cccc6c74dbe505991ae42aa

MD5: 1419145ca7d2a6da477363ac6f4a26e1
SHA256: bae9ce69491c20167a07d5efcbc2a1751ad83eb7b335d190d72ab8ac629f1b22
MD5: ad4afbacde19270b37aaff2336c4ae9f
SHA256: 9b5656905afbbd5f7a03197f9445d2aa9a0de14cabe5bd25cad6ec3093a47482

MD5: 283d8cc624e780abdffd89e558d392d1
SHA256: dd938718ba21e48bd07195f4bf074b0d249c8a3b56ba257d2e65674c8cf448a7

MD5: b20ee3a6d3195739c9dfa42d3db094cb
SHA256: 13e9210504c1a3c99d7d7c33c9a5b437f7845dd0d5929101a045c84a7b571d52

MD5: e0933d8cc9821fe9047218a464782d8a
SHA256: b5547c7fc6ce30870e47cb3e0cee20e17acbc3ff0f172c1917edc044d6c08422

MD5: 4253d70211421ea3e73ccc04f84bc720
SHA256: dbf9c831101ffab284d67f802b5fc7b920acaad9f596778615f369a39b5b1010