Burp Suite, the leading toolkit for web application security testing

Burp Proxy Documentation - In-Browser Controls

In addition to the main user interface, you can control Burp Proxy directly from within your browser. The in-browser UI can be accessed by visiting http://burp with your browser, or by entering the URL of your Proxy listener, for example:

The in-browser UI lets you view and interact with the Proxy history, Clicking on an entry in the "URL" column displays the original request in raw form. Clicking on an entry in the "Modified" column displays the relevant modified request.

When an individual request is displayed in full, the request can be reissued by clicking the "Repeat request" button. Depending on the currently configured interception rules, the request may be intercepted within the main UI.

If available, you can also view the original response within your browser by clicking the "Show response" button. This causes Burp to return the exact response that was originally received from the server, and neither the request nor response will be intercepted within Burp. Note that when the browser receives the saved response from Burp Proxy, this may cause the browser to make additional requests (for images, CSS, etc.) in the course of rendering the response - these will be handled by Burp in the usual way.

You can download a copy of your Burp CA certificate, which you can install in your browser to eliminate SSL errors.

If you have the Plug-n-hack plugin installed in your browser (currently only available for Firefox) you can also carry out the essential configuration of your browser to work with Burp by visiting the URL of your Proxy listener (for example: and following the "Plug-n-hack" link.

You can disable in the in-browser interface if required, in the Proxy options.


Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Wednesday, April 22, 2015


This release contains a number of minor enhancements and bugfixes, including:

  • The Proxy now uses SHA256 to generate its CA and per-host certificates
  • There is a new button at Proxy / Options / Proxy Listeners to force Burp to regenerate its CA certificate.
  • A bug in the "Paste from file" function which caused Burp to sometimes retain a lock on the selected file has been fixed.
  • A bug in the Intruder "extract grep" function, which sometimes caused extracted HTML content to be rendered as HTML in the results table, has been fixed.

See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.