Burp Suite

The leading toolkit for web application security testing — trusted by security professionals worldwide.

Category: security
First released: 2004
Created by: Dafydd Stuttard (PortSwigger)
License: Proprietary
Platforms: macOS, Linux, Windows

Burp Suite is the industry-standard integrated platform for performing security testing of web applications. Developed by PortSwigger, it provides a comprehensive set of tools including an intercepting proxy for modifying HTTP/S traffic, an automated scanner for detecting vulnerabilities, a repeater for manually manipulating requests, and an intruder for automated attacks like fuzzing and brute-forcing. The Burp Collaborator identifies out-of-band vulnerabilities like blind SSRF and blind XXE, while the sequencer analyzes session token randomness. Available in a feature-limited free Community Edition and a powerful Professional Edition with automated scanning, Burp Suite is an essential tool for penetration testers, bug bounty hunters, and security engineers assessing web application security.

Key Features

Intercepting proxy (HTTP/HTTPS)
Automated vulnerability scanning
Request manipulation (Repeater)
Automated attacks (Intruder)
Out-of-band vulnerability detection
Session token analysis
Extensible via BApp extensions