Burp Suite contains various tools for performing different testing tasks. The tools operate effectively
together, and you can pass interesting requests between tools as your work progresses, to carry out
Use the links below to read the detailed help on each of the individual Burp tools:
Target - This tool contains detailed information about
your target applications, and lets you drive the process of testing for vulnerabilities.
Proxy - This is an intercepting web proxy that operates as
a man-in-the-middle between the end browser and the target web application. It lets you intercept,
inspect and modify the raw traffic passing in both directions.
- This is an advanced web vulnerability scanner, which can automatically crawl content and audit for numerous types of
Intruder - This is a powerful tool for carrying out
automated customized attacks against web applications. It is highly configurable and can be used to
perform a wide range of tasks to make your testing faster and more effective.
Repeater - This is a tool for manually
manipulating and reissuing individual HTTP requests, and analyzing the application's responses.
Sequencer - This is a sophisticated tool for analyzing
the quality of randomness in an application's session tokens or other important data items that
are intended to be unpredictable.
Decoder - This is a useful tool for performing manual or
intelligent decoding and encoding of application data.
Comparer - This is a handy utility for performing a
visual "diff" between any two items of data, such as pairs of similar HTTP messages.
Extender - This lets you load Burp extensions, to
extend Burp's functionality using your own or third-party code.
Clickbandit - This is a tool for generating Clickjacking attacks.
- This is a tool for making use of Burp Collaborator during manual testing.
Mobile assistant - This is a tool to facilitate testing of mobile apps with Burp Suite.