From Collaborative RCE Tool Library

Jump to: navigation, search

Burp Suite

Tool name: Burp Suite
Rating: 5.0 (2 votes)
Author: PortSwigger                        
Current version: 1.1
Last updated:
Direct D/L link:
License type: Free / Open Source
Description: Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Key features unique to Burp Suite include:

* Ability to "passively" spider an application in a non-intrusive manner, with all requests originating from the user's browser.
* One-click transfer of interesting requests between tools, e.g. from the Burp Proxy request history, or the Burp Spider results tree.
* Detailed analysis and rendering of requests and responses.
* Extensibility via the IBurpExtender interface, which allows third-party code to extend the functionality of Burp Suite. Data processed by one tool can be used in arbitrary ways to affect the behaviour and results of other tools.
* Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
* Tools can run in a single tabbed window, or be detached in individual windows.
* All tool and suite configuration is optionally persistent across program loads.
* Runs in both Linux and Windows.

New features in version 1.1 include:

* Improved analysis of HTTP requests and responses wherever they appear, with browser-quality HTML and media rendering.
* Burp Sequencer, a new tool for analysing session token randomness.
* Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data.
* Burp Comparer, a new utility for performing a visual diff of any two data items.
* Support for custom client and server SSL certificates.
* Ability to follow 3xx redirects in Burp Intruder and Repeater attacks.
* Improved interception and match-and-replace rules in Burp Proxy.
* A "lean mode", for users who prefer less functionality and a smaller resource footprint.

Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from
Related URLs: No related URLs have been submitted for this tool yet

RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)