Burp Suite Pro engineering team

Key functionality

Burp Suite Professional is a single-user, desktop product. It contains various tools for manual and automated penetration testing of web sites.

Based around a versatile intercepting proxy, key features include fuzzing, manual requests, data transcoding, and incremental saving of project data.

Problem space

We often interact with protocols and data formats in nonstandard ways, so we generally need to build our own implementations. And then deliberately break them.

Our engines often employ data models that are updated by pools of worker threads performing parallel network requests and are exposed via a UI providing real-time updates and user control. Some common problems involve ensuring data integrity and avoiding thread deadlocks.

Our product runs on user machines, often with modest system resources. A common challenge involves ensuring efficiency of computation and memory resources while delivering the advanced capabilities that users need.

Technologies

Burp Suite Pro is written in pure Java, with a Swing UI.

We use an embedded Chromium browser to support some functionality. There are no other third-party components.

Our tooling includes IntelliJ IDEA, JUnit, Mockito, git, Gradle, TeamCity, Docker, and various AWS services.