Burp Suite
By PortSwigger
Burp Suite is an integrated platform for web application security testing, widely used by penetration testers and security researchers to discover and exploit vulnerabilities.
Definition
Burp Suite is an integrated platform for web application security testing, widely used by penetration testers and security researchers to discover and exploit vulnerabilities.
Overview
At its core, Burp Suite runs as an intercepting HTTP(S) proxy, sitting between a browser and a target web application so every request and response can be inspected and modified. Its Repeater tool lets testers manually resend and tweak individual requests, while Intruder automates sending large numbers of crafted requests for fuzzing and brute-force-style testing; the paid Professional and Enterprise editions add an automated vulnerability Scanner that crawls and tests an application for common issues. Developed by PortSwigger, Burp Suite has become one of the two most widely used tools — alongside OWASP ZAP — in professional web application penetration testing, and the categories of issues it's used to find map closely to what's covered in Cybersecurity for Developers: The OWASP Top 10 Explained. Its functionality can be extended through the BApp Store, a marketplace of community-built extensions, and it's frequently used alongside identity and access tools like Auth0 or Keycloak when testing authentication and session-handling flaws.
Key Features
- Intercepting HTTP(S) proxy for inspecting and modifying traffic
- Repeater for manual request manipulation and replay
- Intruder for automated fuzzing and brute-force-style attacks
- Automated vulnerability Scanner (Professional/Enterprise editions)
- Extensibility through the BApp Store plugin marketplace
- Session handling rules and macro recording for authenticated testing
- Comparer and Sequencer tools for analyzing tokens and session data