Burp Suite tools
Last updated: September 14, 2023
Read time: 2 Minutes
Burp Suite contains various tools for performing different testing tasks. The tools operate effectively together, and you can pass interesting requests between tools as your work progresses, to carry out different actions.
- Target - This tool contains detailed information about your target applications, and lets you drive the process of testing for vulnerabilities.
- Burp's browser - This browser is preconfigured to work with the full functionality of Burp Suite right out of the box.
- Proxy - This is an intercepting web proxy that operates as a man-in-the-middle between the end browser and the target web application. It lets you intercept, inspect and modify the raw traffic passing in both directions.
- Scanner - This is an advanced web vulnerability scanner, which can automatically crawl content and audit for numerous types of vulnerabilities.
- Intruder - This is a powerful tool for carrying out automated customized attacks against web applications. It is highly configurable and can be used to perform a wide range of tasks to make your testing faster and more effective.
- Repeater - This is a tool for manually manipulating and resending individual messages, and analyzing the application's responses.
- Sequencer - This is a sophisticated tool for analyzing the quality of randomness in an application's session tokens or other important data items that are intended to be unpredictable.
- Decoder - This is a useful tool for performing manual or automated decoding and encoding of application data.
- Comparer - This is a handy utility for performing a visual "diff" between any two items of data, such as pairs of similar HTTP messages.
- Logger - This is a tool for recording and analyzing HTTP traffic that Burp Suite generates.
- Inspector - This provides some useful features for analyzing and editing HTTP and WebSockets messages.
- Collaborator - This is a manual tool for identifying out-of-band vulnerabilities.
- DOM Invader - This is a tool for finding DOM XSS vulnerabilities.
- Clickbandit - This is a tool for generating Clickjacking attacks.
- Message editor - This is a tool for viewing and editing HTTP requests and responses throughout Burp.
- Engagement tools - Configure various engagement-related tasks.
- Search - This is a tool for performing searches in Burp Suite.
- Infiltrator - This is a tool for detecting whether Burp's input is passed to potentially unsafe APIs.
- Organizer - This is a tool for storing and annotating HTTP messages that you want to investigate later.
Was this article helpful?
An error occurred, please try again.