Burp Suite Professional

Test, find, and exploit vulnerabilities

Arm yourself with the leading toolkit for web security testing.

Burp Suite Professional

Burp Suite Professional is an advanced set of tools for testing web security - all within a single product. From a basic intercepting proxy to the cutting-edge Burp Scanner, with Burp Suite Pro, the right tool is never more than a click away.

Our powerful automation gives you more opportunity to do what you do best, while Burp Suite handles low-hanging fruit. Advanced manual tools will then help you identify your target's more subtle blind spots.

Burp Suite Pro is built by a research-led team. This means that before we even publish a paper, its findings have been included in our latest update. Our pentesting tools will make your job faster while keeping you informed of the very latest attack vectors.

Gartner logo

PortSwigger is recognized as a 2020 Gartner Peer Insights Customers' Choice for Application Security Testing.

Accurate as of 12 October 2020.

Read reviews
Gartner peer insights

The Gartner Peer Insights Customers' Choice badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers' Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

Automatically harvest low-hanging fruit

Low-hanging fruit

Burp Suite Pro can be used to test for the whole OWASP Top 10. The work of PortSwigger's world-leading research team guides Burp Suite's development, and new capabilities are added with each new update.

At Burp Suite's heart lies the web vulnerability scanner. This is the same powerful scanner trusted by many of the world's largest organizations. It's capable of both passive and active analysis.

View all features

Save more time with human-guided automation


You can't find every web security vulnerability using purely automated tools. Many require some form of human input. But exploiting such vulnerabilities can often be a wearisome task.

Powerful labor-saving tools like Burp Intruder allow you to make better use of your time. This is especially true when fuzzing for vulnerabilities or when using other brute force techniques.

View all features

A Swiss Army knife for hackers

Swiss army knife

It's easy to see why Burp Suite Pro works. It's a true one-box solution for finding and exploiting vulnerabilities in web applications, quickly and reliably.

But it doesn't end there. The BApp Store gives you access to hundreds of community-generated plugins. Burp Suite's Extender API allows you to write your own. By augmenting Burp Suite Pro's capabilities in this way, its applications become almost limitless.

View all features

Where Burp Suite goes, others follow

Others follow

Burp was originally written by our founder, Dafydd Stuttard. You might know Daf's name from The Web Application Hacker's Handbook - the de facto standard textbook on web security. Daf still leads our development team.

You can't have cutting-edge tools without research - and our team is second to none. PortSwigger has a commitment to education, and you'll find us at conferences around the globe.

A case in point is Burp Collaborator, which pioneered out-of-band (OAST) testing techniques. We're always experimenting - and our users reap the benefits.

View all features

The industry's most popular tool

Burp Suite Professional has over 46,000 users across more than 130 countries. This makes it the world's most widely used toolkit for web security testing.

This didn't happen by chance. Our tools are known to be a force multiplier for users' knowledge.

Of course, we would say that. But take a look at our credentials. Our software protects many of the world's most powerful organizations:

Amazon logo Google logo Walmart logo FedEx logo AXA logo Microsoft logo Salesforce logo Standard Chartered logo Samsung logo