login

Burp Suite, the leading toolkit for web application security testing

Burp Suite Pro contains the following key components:

  • Intercepting proxy
  • Application-aware spider
  • Web application scanner
  • Advanced fuzzing tools
  • Session token analysis
  • Powerful extensibility
  • Numerous engagement tools

"Burp Suite Pro is my web app assessment tool-of-choice. It has made my life and my job easier so I can be more efficient."

Jed Mitten, Senior Security Consultant, MANDIANT

"We tried the others, but keep coming back to Burp Suite Pro. Nothing comes near it for application security testing."

Steve Lord, Mandalorian

Read more Success Stories ›

Wednesday, January 27, 2016

XSS without HTML: Client-Side Template Injection with AngularJS

Naive use of the extremely popular JavaScript framework AngularJS is exposing numerous websites to Angular Template Injection. This relatively low profile sibling of server-side template injection can be combined with an Angular sandbox escape to launch cross-site scripting (XSS) attacks on otherwise secure sites. This post will summarize the core concepts of Angular Template Injection, then show the development of a fresh sandbox escape affecting all modern Angular versions.

Read the full blog entry ›

Friday, February 12, 2016

1.6.37

This release gives the Scanner the capability to report all instances where user input is returned in application responses, both reflected and stored. The information gathered is primarily of use to manual security testers. Some applications contain numerous instances of input retrieval, since it is very common for the entire URL to be reflected within responses. For these reasons, the new Scanner checks are off by default, but can be turned on in the Scanner options.

See all release notes ›

Copyright © 2016 PortSwigger Ltd. All rights reserved.