Burp Proxy is an interactive HTTP/S proxy server for attacking
and testing web applications. It operates as a
man-in-the-middle between the end browser and the target web
server, and allows the user to intercept, inspect and modify the
raw traffic passing in both directions.

Burp Proxy allows you to find and exploit application
vulnerabilities by monitoring and manipulating critical parameters
and other data transmitted by the application. By modifying
browser requests in various malicious ways, Burp Proxy can be used
to perform attacks such as SQL injection, cookie subversion,
privilege escalation, session hijacking, directory traversal and
buffer overflows.

Key features include:

- Full HTTP and HTTPS proxy server.
- Detailed analysis and rendering of all requests and responses, with parsing of parameters, headers and various media content, and hex editing.
- Full history of all requests, modifications and responses, with the ability to view saved requests and responses, reissue and re-modify individual requests, and apply display filters.
- Fine-grained rules governing interception of requests and responses, based on practically any message attribute.
- Search and highlight of intercepted message text.
- Full integration with other Burp Suite tools.
- Facility for multiple request listeners, invisible proxying, and host redirection.
- Ability to save and restore state. [Pro version only]
- Support for upstream proxy server, and authentication to upstream proxy and web servers, using basic, NTLM or digest authentication types.
- Support for invisible proxying.
- Automated regex-based manipulation of HTTP requests and responses.
- Support for custom client and server SSL certificates.
- Runs on both Linux and Windows.

Burp Proxy is part of the Burp Suite of web application hacking tools. For examples of
Burp Proxy in action, see the screenshots,
or for detailed information about the configuration and use of Burp Proxy, see
the help file.