Burp Suite Professional

Features

A comprehensive suite of tools to efficiently discover and exploit vulnerabilities in web apps and APIs.
"I just renewed my annual subscription. Burp Suite is one of the best and affordable Cyber Security products! My thanks go out to the team for providing such an indispensable tool. AppSec would be lost without you." Daniel Oakley, Cyber Security Professional.

Manual penetration testing features

Log, intercept, and manipulate HTTPS and WebSocket traffic right out of the box with Burp's built-in browser and proxy.
Easily detect otherwise invisible vulnerabilities with out-of-the-box tools for out-of-band testing (OAST).
Automatically map the attack surface with the industry's leading crawler.
Simplify testing for DOM-based vulnerabilities with DOM Invader.
Expose hidden attack surface with auto-enumeration of static and dynamic URLs and parameters.
Assess token strength to test the quality of randomness in data items.
Manage recon data in a target site map.
Work with binary HTTP/2 requests in a familiar, HTTP/1-like format, and seamlessly alternate between protocols with Burp's unrivalled HTTP/2 support.

Burp's Proxy Intercept view

Advanced / custom automated attacks

Conduct faster brute-forcing and fuzzing with custom sequences of HTTP requests and payload sets.
Passively scan as you browse, or perform active scans on individual URLs and specific inputs.
Capture, filter, and query automated attack results.
Automatically modify HTTP messages with match and replace rules for both responses and requests.
Easily generate CSRF proof-of-concept attacks.

Automated scanning for vulnerabilities

Scan your applications using a built-in browser, which navigates complex JavaScript-heavy apps and SPAs, just like a user.
Scan privileged areas of target applications with authenticated scanning.
Scan OpenAPI, GraphQL, and SOAP APIs based on a definition file, either discovered during a crawl or uploaded manually.
Conquer client-side attack surfaces with the built-in JavaScript analysis engine.
Fuel vulnerability coverage with logic from PortSwigger Research.
Configure scan behavior to customize what you audit, and how.
Quickly create custom scan checks (BChecks) using a simple, purpose-built language.

Utilize authentication in API scanning

Improve your productivity with a number of tools

Deep-dive message analysis with the feature-rich HTTP editor.
Automatically pretty-print formats using JSON, JavaScript, CSS, HTML, and XML.
Utilize both built-in and custom configurations.
Easily remediate scan results.
Automatically keep a persistent log of all your testing activities using project files.
Cut through the noise with advanced search, filtering, and sorting features.
Store and annotate interesting messages with Burp Organizer.
Simple reporting with automated report generation.

Unleash the power of Burp Suite with unrivalled extensibility

Explore the unrivalled BApp store for community-created extensions.
Unleash thousands of requests per second with Turbo Intruder.
Create custom extensions with the Montoya API.
Perform repeat requests when testing for broken access controls with Autorize.
Customize Burp Suite using small snippets of Java with Bambdas.
Adapt Burp's Scanner attacks with Upload Scanner.
Convert between various encodings with Hackvertor.
Find research-grade bugs with Backslash Powered Scanner.
Hunt for niche Java-specific vulnerabilities with J2EE Scan.
Tweak offsets automatically with HTTP Request Smuggler.
Quickly find unkeyed inputs with Param Miner.
250+ BApp authors
300+ Extensions

Automate customized attacks with Burp Intruder

“Checking out the new Bambdas for proxy filtering that Burp Suite just launched. Quickly parsing through all my history to identify improperly set Content-Types. It will definitely come in handy to be able to create these powerful filters from now on!” Carles Llobet Pons, Cyber Security Professional.