Burp Suite, the leading toolkit for web application security testing

Suite Options: Misc

This tab contains settings for hotkeys, logging, location of temporary files, automatic backup, scheduled tasks, Burp Collaborator server, and performance feedback.


These settings let you configure hotkeys for common actions. Numerous types of actions can be assigned a hotkey, in the following categories:

A number of hotkeys are configured by default. Note that very many more actions are available to have a hotkey assigned, if you use them frequently.

All hotkeys must use the Control key (or the Command key on OSX), and may also use Shift and other available modifiers. Note that on some Windows installations the Ctrl+Alt combination is treated by Windows as equivalent to AltGr, and so may result in typed characters appearing when pressed in text fields. 


These settings control logging of HTTP requests and responses. Logging can be configured per-tool or for all Burp traffic.

Temporary Files Location

These settings let you configure where Burp stores its temporary files.

By default, Burp creates a directory within the temporary file location provided by the platform. You can modify this behavior to use a custom directory - for example, on a different volume, or which is not world-readable.

On Mac OS X, you may find that the default temporary file location is sometimes cleared following system hibernation, causing Burp to lose its temporary files. You can resolve this problem by configuring a custom location for Burp to store its temporary files.

Changes to this setting take effect the next time Burp starts up.

Automatic Backup

[Pro version] These settings let you configure Burp to save a backup of all tools' state and configuration in the background at a configurable interval, and also optionally on exit.

Using these options means you will generally have a recent backup copy of your work in the event that Burp exits abnormally. If you have configured the target scope for your work, you can use the "Include in-scope items only" to reduce the amount of data that must be saved.

Scheduled Tasks

[Pro version] See the Task Scheduler documentation.

Burp Collaborator Server

Burp Collaborator is an external service that Burp can use to help discover many kinds of vulnerabilities. For more details about the functionality and alternative methods of utilization of Burp Collaborator, see the main Burp Collaborator documentation.

Note: The functionality of Burp Collaborator gives rise to issues that require careful consideration by users. Users should ensure that they fully understand the functionality and the alternative methods of utilization of Burp Collaborator, and have considered the consequences of utilization for themselves and their organization.

The following options for using Burp Collaborator server are available:

If you are using a private Collaborator server, you will need to configure Burp with the details of its location. The following options are available:

The following further options are also available:

Performance Feedback

You can help improve Burp by submitting anonymous feedback about Burp's performance.

Feedback only contains technical information about Burp's internal functioning, and does not identify you in any way. If you do report a bug, you can help us diagnose any problems that your instance of Burp has encountered by including your debug ID.


Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Friday, February 12, 2016


This release gives the Scanner the capability to report all instances where user input is returned in application responses, both reflected and stored. The information gathered is primarily of use to manual security testers. Some applications contain numerous instances of input retrieval, since it is very common for the entire URL to be reflected within responses. For these reasons, the new Scanner checks are off by default, but can be turned on in the Scanner options.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.