|Type||Web application security|
Burp or Burp Suite is a graphical tool for testing Web application security. The tool is written in Java and developed by PortSwigger Web Security. The tool has three editions: a Community Edition that can be downloaded free of charge, a Professional Edition and an Enterprise Edition that can be purchased after a trial period. The Community edition has significantly reduced functionality. It intends to provide a comprehensive solution for web application security checks. In addition to basic functionality, such as proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.
The company behind Burp Suite has also developed a mobile application containing similar tools compatible with iOS 8 and above.
PortSwigger was founded in 2004 by Dafydd Stuttard, an expert in web security, who also authored The Web Application Hacker's Handbook, a manual on web application security. PortSwigger was named on The Sunday Times SME Export Track 100 in 2018, as one of Britain's SMEs with the fast-growing international sales.
- HTTP Proxy - It operates as a web proxy server, and sits as a man-in-the-middle between the browser and destination web servers. This allows the interception, inspection and modification of the raw traffic passing in both directions.
- Scanner - A web application security scanner, used for performing automated vulnerability scans of web applications.
- Intruder - This tool can perform automated attacks on web applications. The tool offers a configurable algorithm that can generate malicious HTTP requests. The intruder tool can test and detect SQL injections, cross-site scripting, parameter manipulation and vulnerabilities susceptible to brute-force attacks.
- Spider - A tool for automatically crawling web applications. It can be used in conjunction with manual mapping techniques to speed up the process of mapping an application's content and functionality.
- Repeater - A simple tool that can be used to manually test an application. It can be used to modify requests to the server, resend them, and observe the results.
- Decoder - A tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.
- Comparer - A tool for performing a comparison (a visual "diff") between any two items of data.
- Extender - Allows the security tester to load Burp extensions, to extend Burp's functionality using the security testers own or third-party code (BAppStore)
- Sequencer - A tool for analyzing the quality of randomness in a sample of data items. It can be used to test an application's session tokens or other important data items that are intended to be unpredictable, such as anti-CSRF tokens, password reset tokens, etc.
- Wear, Sunny (2018). Burp Suite Cookbook: practical recipes to help you master web penetration testing with Burp Suite. Packt. ISBN 9781789539271.
- "Using Burp Suite proxy tool to examine client-side requests". ComputerWeekly.com. Retrieved 2019-09-09.
- "Burp Suite Scanner". portswigger.net. Retrieved 2019-09-02.
- "Renowned security experts make up NCC Group's .trust Advisory Board". www.nccgroup.trust. Retrieved 2019-09-02.
- "The Web Application Hacker's Handbook". portswigger.net.
- "PortSwigger - The Sunday Times SME Export Track 100, 2018". Fast Track. Retrieved 2019-09-02.
- Brewster, Tom (30 January 2014). "How the NSA, GCHQ and crooks can hack mobile apps". Wired UK. ISSN 1357-0978. Retrieved 2019-09-09 – via www.wired.co.uk.
- Greenberg, Amdy (31 August 2017). "Hacking Retail Gift Cards Remains Scarily Easy". Wired UK. ISSN 1357-0978. Retrieved 2019-09-09 – via www.wired.co.uk.
- "Burp Suite Tutorial: Part 2 – Intruder and repeater tools". ComputerWeekly.com. Retrieved 2019-09-09.