Yet another year has just gone by in which the price of Burp Suite Pro has held steady. Burp has cost $299 for over three years now.

In that time, we've released 47 updates, and added tons of new features. In the last year alone, we've made the following improvements to Burp:

  • The new BApp Store, for sharing community-authored Burp extensions.
  • Support for WebSockets messages.
  • Improved Spider link discovery and WIVET score.
  • Support for nested scan insertion points, enabling Burp to automatically scan complex data structures, such as JSON within XML within a URL parameter.
  • A brand new static code analysis engine, enabling Burp to reliably report DOM XSS and a dozen other new DOM-based issues.
  • Scanner checks for several new types of vulnerability, including:
    • Perl code injection
    • PHP code injection
    • Ruby code injection
    • Server-side JavaScript code injection
    • File path manipulation
    • Serialized object in HTTP message
    • Cross-site request forgery
  • Significant enhancements to existing scan checks, including XSS, SQL injection, OS command injection and file path traversal.
  • A new mechanism for anonymous reporting of Burp's performance, which has enabled us to resolve several edge case bugs and improve Burp's general stability.
  • Numerous other minor enhancements throughout Burp.

All updates are made available to licensed users without any additional charge.

Today, we pledge that we will not increase the USD price of Burp Suite Pro during 2015. Instead of hiking the price, we'll continue to add great new features. Work is already far advanced on some big new features that will further empower Burp users during the course of 2015.

Happy new year!