login

Burp Suite, the leading toolkit for web application security testing

Burp Suite Pro contains the following key components:

  • Intercepting proxy
  • Application-aware spider
  • Web application scanner
  • Advanced fuzzing tools
  • Session token analysis
  • Powerful extensibility
  • Numerous engagement tools

"Burp Suite Pro is my web app assessment tool-of-choice. It has made my life and my job easier so I can be more efficient."

Jed Mitten, Senior Security Consultant, MANDIANT

"We tried the others, but keep coming back to Burp Suite Pro. Nothing comes near it for application security testing."

Steve Lord, Mandalorian

Read more Success Stories ›

Thursday, 16 April 2015

Introducing Burp Collaborator

Today's release of Burp Suite introduces Burp Collaborator. This new feature has the potential to revolutionize web security testing. Over time, Burp Collaborator will enable Burp to detect issues like blind XSS, server-side request forgery, asynchronous code injection, and various as-yet-unclassified vulnerabilities.

In the coming months, we will be adding many exciting new capabilities to Burp, based on the Collaborator technology.

Read the full blog entry ›

Wednesday, April 22, 2015

v1.6.17

This release contains a number of minor enhancements and bugfixes, including:

  • The Proxy now uses SHA256 to generate its CA and per-host certificates
  • There is a new button at Proxy / Options / Proxy Listeners to force Burp to regenerate its CA certificate.
  • A bug in the "Paste from file" function which caused Burp to sometimes retain a lock on the selected file has been fixed.
  • A bug in the Intruder "extract grep" function, which sometimes caused extracted HTML content to be rendered as HTML in the results table, has been fixed.

See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.