Burp Suite Professional

Product roadmap

We've got big plans for the road ahead - and we're sure you do too.


Roadmap for Burp Suite Professional

Integrated SCA capabilities

New feature

Perform software composition analysis (SCA) of client-visible code. Report JavaScript libraries in use that contain known vulnerabilities.

DOM testing tools

New feature

Add-ons to Burp Suite Professional's embedded browser which will enhance manual testing for DOM-based vulnerabilities.

Improved SPA scanning

Feature enhancement

Burp Scanner will handle navigational actions that cause a DOM update without a synchronous request to the server, allowing better handling of single-page applications.

Native HTTP logging

New feature

Based on the user popularity of certain BApps (Logger++ and Flow), Burp Suite Professional will gain native, resource-efficient logging functionality.

Audit of asynchronous traffic

New feature

Burp Scanner will automatically audit in-scope API requests that are issued from client-side JavaScript using XHR and Fetch.

Performance improvements

Feature enhancement

Improved memory and processing efficiency for various Burp features. Users will also gain feedback on any resource-hungry BApps.

Early adopters releases

New feature

All Burp Suite Professional users will gain access to an optional early adopters' release track - giving early access to new and experimental features.

Enhanced Burp Intruder

Feature enhancement

More options for brute forcing and fuzzing. New payload types and placement options, richer results analysis, and incremental saving.

Improved navigational coverage

Feature enhancement

Burp Scanner will detect and interact with more DOM elements that can cause JavaScript-triggered navigation, in addition to conventional links and forms.


API scanning

Done

Enumerate API endpoints to scan APIs in target applications. API scanning utilizes OpenAPI (Swagger) definitions.

Automatic updates

Done

Update without lifting a finger. Burp Suite Professional can now update itself automatically - without user intervention.

New web cache poisoning scan checks

Done

Find cutting-edge vulnerabilities with Burp Scanner. Scan checks based on James Kettle's latest web cache poisoning research.

Browser-powered scanning by default

Done

Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single-page apps, with browser-driven (Chromium) scanning. Enabled by default.


HTTP/2 support

Done

Use HTTP/2 for both inbound and outbound communication over TLS (beta feature). Also gives control of TLS protocols within Burp Proxy.

Inspector view

Done

Manipulate browser traffic more easily. Improved access to headers, parameters, and more - plus automatic encoding and decoding.

Render pages within Burp tools

Done

See exactly what you're looking at - without changing tab. Tools like Burp Repeater and Burp Intruder now allow you to render responses.

Pretty printing in the HTTP message editor

Done

Make code easier to work with. Burp Suite will prettify JSON, XML, HTML, CSS, and JavaScript within the HTTP message editor.

Recorded login sequences

Done

Better scrutinize login-related functionality by recording complex login sequences in a browser. Ideal for JavaScript-heavy logins, or single sign-on.

Embedded browser for manual testing

Done

Proxy HTTPS traffic with no configuration necessary. Burp Suite's embedded Chromium browser can now take care of everything.

Browser-powered scanning enhancements

Done

Significant improvements to Burp Scanner - enabling enhanced performance and coverage of modern navigational patterns.

Customer quote

The tool is self-sufficient, with many features out of the box and allows for extensibility. No need for servers or databases. It's a well calibrated "gun". It lets us either validate findings from external security reports or penetration test our software while in development.

Source: TechValidate survey of PortSwigger customers


Software Engineer

Large Enterprise Financial Services Company