Burp Suite helps you secure your web applications by finding the vulnerabilities they contain.

Our cutting-edge tools let you combine automated and manual techniques to make your security testing more effective and thorough than ever before.

Burp Suite Pro contains the following key components:

Intercepting proxy
Application-aware spider
Web application scanner
Advanced fuzzing tools
Session token analysis
Powerful extensibility
Numerous engagement tools

Tuesday, July 26, 2016

Introducing Burp Infiltrator

The latest release of Burp Suite introduces a new tool, called Burp Infiltrator. Burp Infiltrator is a tool for instrumenting target web applications in order to facilitate testing using Burp Scanner. Burp Infiltrator modifies the target application so that Burp can detect cases where its input is passed to potentially unsafe APIs on the server side. In industry jargon, this capability is known as IAST (interactive application security testing).

Read the full blog entry ›

Thursday, September 8, 2016

1.7.06

This release introduces a new scan check for second-order SQL injection vulnerabilities. In situations where Burp observes stored user input being returned in a response, Burp Scanner now performs its usual logic for detecting SQL injection, with payloads supplied at the input submission point, and evidence for a vulnerability detected at the input retrieval point.

See all release notes ›

Burp Suite, the leading toolkit for web application security testing