Back to glossary

Burp Suite

An integrated platform for performing security testing of web applications, widely used for manual and automated vulnerability discovery.

Categorysecurity

Overview

Burp Suite is the leading tool for web application security testing. It acts as an intercepting proxy, allowing testers to capture, inspect, and modify the traffic between their browser and the target application.

Core Tools

  • Proxy: Intercepts and modifies HTTP/S requests and responses.
  • Repeater: Allows for manual manipulation and re-sending of individual requests.
  • Intruder: Automates customized attacks against web applications (e.g., brute forcing, fuzzing).
  • Scanner: (Professional version) Automatically crawls and scans applications for vulnerabilities like SQLi and XSS.
  • Decoder: A tool for transforming encoded data into its canonical form.
  • Comparer: A utility for performing a visual 'diff' between two items of data.

Use Cases

  • Manual security testing of web applications.
  • Identifying complex vulnerabilities that automated scanners might miss.
  • Analyzing application logic and data flows.

Related Terms

Dynamic Application Security Testing (DAST)