Burp Proxy is an intercepting proxy server for security
testing of web applications. It operates as a man-in-the-middle between your
browser and the target application, allowing you to:
- Intercept and modify all HTTP/S traffic passing in both directions.
- Easily analyze all kinds of content, with automatic colorizing of
request and response syntax, rendering of web content, and parsing of
serialization schemes like AMF.
- Apply fine-grained rules to determine which requests and responses
are intercepted for manual testing.
- View all traffic in the detailed Proxy history, with advanced
filters and search functions.
- Send interesting items to other Burp Suite
tools with a single click.
- Save all of your work, and resume working later.
- Quickly search and highlight interesting content within HTTP
- Work with custom SSL certificates and non-proxy-aware clients.
- Define rules to automatically modify requests and responses without
Burp Proxy provides the foundation for Burp Suite's user-driven workflow,
allowing you to use an application in the normal way via your browser, and
yet have full control of all its requests and responses. Using the Proxy,
you can quickly understand how the application works and start testing it
manually, and you can also pass individual requests to other Burp tools for
more advanced, customized and automated testing.
Screenshots - click to enlarge