Burp Suite by PortSwigger Web Security is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. It is designed to support the methodology of a hands-on tester, and gives you complete control over the actions that it performs, and deep analysis of the results. It can automate all kinds of tasks in customizable ways, and lets you combine manual and automated techniques to make your testing faster, more reliable and more fun.
Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.
The suite of products consists of the following tools:
The Burp Proxy tool lies at the heart of Burp's user-driven workflow, and gives a direct view into how the target application works "under the hood". It operates as a web proxy server, and sits as a man-in-the-middle between the browser and destination web servers. This allows the interception, inspection and modification of the raw traffic passing in both directions.
The Burp Scanner is a web application security scanner, used for performing automated vulnerability scans of web applications. Security testers can use Burp Scanner alongside manual testing methodology to quickly identify many types of common vulnerabilities.
The Burp Spider is a tool for automatically crawling web applications. It can be used in conjunction with manual mapping techniques to speed up the process of mapping an application's content and functionality.
The Burp Intruder is a tool for automating customized attacks against web applications. It is extremely powerful and configurable, and can be used to perform a huge range of tasks, from simple brute-force guessing of web directories through to active exploitation of complex blind SQL injection vulnerabilities.
The Burp Repeater is a simple tool that can be used to manually test an application. The penetration tester can use it to modify requests to the server, resend them, and observe the results.
The Burp Sequencer is a tool for analyzing the quality of randomness in a sample of data items. You can use it to test an application's session tokens or other important data items that are intended to be unpredictable, such as anti-CSRF tokens, password reset tokens, etc.
The Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.
The Burp Comparer is a simple tool for performing a comparison between any two items of data.
The Burp Extender allows the security tester to load Burp extensions, to extend Burp's functionality using the security tester's own or third-party code. Third-party applications can be found in the BApp Store.
Burp Collaborator, released in April 2015, is an external service that Burp can use to help discover many kinds of vulnerabilities, including out-of-band vulnerabilities, blind SQL injection vulnerabilities and mail header injection vulnerabilities.
The Burp Suite Support Center contains a large number of articles and community discussions to help you get the most out of using Burp.