Burp or Burp Suite is a graphical tool for testing Web application security. The tool is written in Java and developed by PortSwigger Security.
The tool comes in two editions: a Free Edition that can be downloaded free of charge, and a Professional Edition that can be purchased after a trial period. It was developed to provide a comprehensive set of tools for web application security testing. Besides basic components such as the proxy server, scanner and intruder, it contains more advanced tools such as the spider, repeater, decoder, comparer, extender and sequencer.
In addition, the company has also developed a mobile application containing similar tools, available for download only on mobile devices running iOS 8 and above.
- HTTP Proxy - It operates as a web proxy server, and sits as a man-in-the-middle between the browser and destination web servers. This allows the interception, inspection and modification of the raw traffic passing in both directions.
- Scanner - A web application security scanner, used for performing automated vulnerability scans of web applications.
- Intruder - This tool can perform automated attacks on web applications. It offers a configurable algorithm that generates malicious HTTP requests, and can be used to test for and detect SQL injection, cross-site scripting, parameter manipulation and susceptibility to brute-force attacks.
- Spider - A tool for automatically crawling web applications. It can be used in conjunction with manual mapping techniques to speed up the process of mapping an application's content and functionality.
- Repeater - A simple tool that can be used to manually test an application. The penetration tester can use it to modify requests to the server, resend them, and observe the results.
- Decoder - A tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.
- Comparer - A tool for performing a comparison (a visual "diff") between any two items of data.
- Extender - Allows the security tester to load Burp extensions, extending Burp's functionality with the tester's own or third-party code (BApp Store).
- Sequencer - A tool for analyzing the quality of randomness in a sample of data items. It can be used to test an application's session tokens or other important data items that are intended to be unpredictable, such as anti-CSRF tokens, password reset tokens, etc.
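As an added illustration of the kind of analysis Sequencer performs on a token sample (example code written for this article, not part of Burp Suite), the following estimates the Shannon entropy of each character position across a sample of tokens and flags positions that are predictable. Both token sets are constructed; the "strong" set uses a seeded PRNG only to keep the example reproducible.

```python
import math
import random
from collections import Counter

# Constructed sample token sets (not real captured tokens).
# WEAK_TOKENS imitates a counter-based session id behind a fixed prefix.
WEAK_TOKENS = ["sess%08d" % n for n in range(1000, 2000)]

# STRONG_TOKENS imitates 128-bit hex tokens; a seeded PRNG keeps the
# example reproducible (a real token generator must use a CSPRNG).
rng = random.Random(20240101)
STRONG_TOKENS = ["%032x" % rng.getrandbits(128) for _ in range(1000)]


def shannon_entropy(symbols):
    """Shannon entropy, in bits, of the empirical symbol distribution."""
    counts = Counter(symbols)
    total = len(symbols)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def position_entropy(tokens):
    """Entropy of each character position across the sample.

    All tokens in the sample must have the same length; Sequencer likewise
    analyzes tokens of a fixed format.
    """
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens in a sample must have the same length")
    return [shannon_entropy([t[i] for t in tokens]) for i in range(length)]


def weak_positions(tokens, threshold_bits=3.0):
    """Indices of positions whose entropy falls below the threshold."""
    return [i for i, h in enumerate(position_entropy(tokens)) if h < threshold_bits]


def estimated_bits(tokens):
    """Rough upper bound on token unpredictability.

    Summing per-position entropy assumes positions are independent, so this
    over-estimates tokens with correlated positions; it never under-estimates.
    """
    return sum(position_entropy(tokens))


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_TOKENS), ("strong", STRONG_TOKENS)):
        print(name, "predictable positions:", weak_positions(sample),
              "estimated bits: %.1f" % estimated_bits(sample))
```

The counter-based sample yields only about ten bits of entropy concentrated in its last three digits, which is the kind of result that tells a tester a session token is guessable.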
- Burp Suite Support Center contains a large number of articles and community discussions on using Burp Suite.
- Burp Testing Methodologies explain methodologies for using Burp Suite to test for various kinds of web application vulnerabilities.
- Knowledge Base contains the definitions of all the issues that can be detected by Burp Scanner.
- Burp Suite Essentials, by Akash Mahajan, published by Packt.