Burp Suite, the leading toolkit for web application security testing

Burp Proxy

Burp Proxy is an intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to:

  • Intercept and modify all HTTP/S traffic passing in both directions.
  • Easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.
  • Apply fine-grained rules to determine which requests and responses are intercepted for manual testing.
  • View all traffic in the detailed Proxy history, with advanced filters and search functions.
  • Send interesting items to other Burp Suite tools with a single click.
  • Save all of your work, and resume working later.
  • Quickly search and highlight interesting content within HTTP messages.
  • Work with custom SSL certificates and non-proxy-aware clients.
  • Define rules to automatically modify requests and responses without manual intervention.

Burp Proxy provides the foundation for Burp Suite's user-driven workflow, allowing you to use an application in the normal way via your browser, and yet have full control of all its requests and responses. Using the Proxy, you can quickly understand how the application works and start testing it manually, and you can also pass individual requests to other Burp tools for more advanced, customized and automated testing.

Screenshots - click to enlarge

Copyright © 2016 PortSwigger Ltd. All rights reserved.