login

Burp Suite, the leading toolkit for web application security testing

Burp Tools

Burp Suite contains various tools for performing different testing tasks. The tools operate effectively together, and you can pass interesting requests between tools as your work progresses, to carry out different actions.

Use the links below to read the detailed help on each of the individual Burp tools:

  • Target - This tool contains detailed information about your target applications, and lets you drive the process of testing for vulnerabilities.
  • Proxy - This is an intercepting web proxy that operates as a man-in-the-middle between the end browser and the target web application. It lets you intercept, inspect and modify the raw traffic passing in both directions.
  • Spider - This is an intelligent application-aware web spider that can crawl an application to locate its content and functionality.
  • Scanner [Pro version] - This is an advanced web vulnerability scanner, which can automatically discover numerous types of vulnerabilities.
  • Intruder - This is a powerful tool for carrying out automated customized attacks against web applications. It is highly configurable and can be used to perform a wide range of tasks to make your testing faster and more effective.
  • Repeater - This is a simple tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application's responses.
  • Sequencer - This is a sophisticated tool for analyzing the quality of randomness in an application's session tokens or other important data items that are intended to be unpredictable.
  • Decoder - This is a useful tool for performing manual or intelligent decoding and encoding of application data.
  • Comparer - This is a handy utility for performing a visual "diff" between any two items of data, such as pairs of similar HTTP messages.
  • Extender - This lets you load Burp extensions, to extend Burp's functionality using your own or third-party code.

User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Tuesday, November 18, 2014

v1.6.08

This release contains various new features and enhancements.

The Scanner has been updated with the ability to detect cross-site request forgery vulnerabilities. The Scanner logic for the detection of XSS and SQL injection vulnerabilities has been further enhanced. Burp's use of temporary files has been updated to use a small number of large temporary files, rather than an individual file for each saved HTTP request and response.

See all release notes ›

Copyright © 2014 PortSwigger Ltd. All rights reserved.