Burp Suite, the leading toolkit for web application security testing

Burp Suite Pro contains the following key components:

  • Intercepting proxy
  • Application-aware spider
  • Web application scanner
  • Advanced fuzzing tools
  • Session token analysis
  • Powerful extensibility
  • Numerous engagement tools

"Burp Suite Pro is my web app assessment tool-of-choice. It has made my life and my job easier so I can be more efficient."

Jed Mitten, Senior Security Consultant, MANDIANT

"We tried the others, but keep coming back to Burp Suite Pro. Nothing comes near it for application security testing."

Steve Lord, Mandalorian

Monday, April 25, 2016

Adapting AngularJS Payloads to Exploit Real World Applications

Every experienced pentester knows there is a lot more to XSS than <script>alert(1)</script>: filtering, encoding, browser quirks and WAFs all team up to keep things interesting. AngularJS template injection is no different. In this post, we will examine how we adapted template injection payloads to bypass filtering and encoding and exploit Piwik and Uber.

Thursday, May 12, 2016

1.7.03

This release adds some enhancements to, and fixes some minor issues with, the Burp projects feature. Thanks are due to everyone who has provided feedback about the new projects feature since the 1.7beta release. Based on the enhancements made since that release, the projects feature is now officially out of beta, and this release may be regarded as stable. As with all Burp features, we welcome ongoing feedback about the projects feature as people continue to use it.

Copyright © 2016 PortSwigger Ltd. All rights reserved.