Burp Suite is a reliable and practical platform that provides you with a simple means of performing security
testing of web applications. It gives you full control, letting you combine advanced manual techniques with
various tools that seamlessly work together to support the entire testing process. The utility is easy to use and
intuitive and does not require you to perform advanced actions in order to analyze, scan and exploit web apps.
It is highly configurable and comes with useful features to assist experienced testers with their work.
Save and Restore
Features of Burp Suite Professional
Automated crawl and scan
Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS),
with great performance against all vulnerabilities in the OWASP Top 10.
Different modes for scan speed, allowing fast, normal, and thorough scans to be carried out for different
Scan exactly what you want. You can perform a full crawl and scan of an entire host, or a particular branch
of the site content, or an individual URL.
Support for numerous types of attack insertion points within requests, including parameters, cookies, HTTP
headers, parameter names, and the URL file path.
Support for nested insertion points, allowing automatic testing of custom application data formats, such as
JSON inside Base64 inside a URL-encoded parameter.
Burp’s advanced application-aware crawler can be used to map out application contents, prior to automated
scanning or manual testing.
Use fine-grained scope-based configuration to control exactly what hosts and URLs are to be included in the
crawl or scan.
Automatic detection of custom not-found responses, to reduce false positives during crawling.
Overcome connection challenges
Burp supports platform authentication using Basic, NTLMv1 and v2, and Digest authentication types.
You can load client SSL certificates and smartcards needed for authentication to protected applications.
You can configure all details of SSL negotiation, to help deal with unusually configured targets.
Burp can automatically handle session handling mechanisms, including conventional logins and cross-site request
forgery tokens.
You can record macros for repeating common sequences of requests, for use within the session handling mechanism.
You can create custom session handling rules to deal with particular situations. Session handling rules can
automatically log in, detect and recover invalid sessions, and fetch valid CSRF tokens.
The powerful Burp Extender API allows extensions to customize Burp’s behavior and integrate with other
tools. Common use cases for Burp extensions include modifying HTTP requests and responses on the fly,
customizing the Burp UI, adding custom Scanner checks, and accessing key runtime information including
crawl and scan results.
The BApp Store is a repository of ready-to-use extensions contributed by the Burp user community.
These can be installed with a single click from within the Burp UI.
You can easily create your own extensions using the Java, Python or Ruby programming languages.
Discovered vulnerabilities can be exported as XML for importing into dozens of third-party tools that
support Burp’s export format.