← All Providers

Burp Suite

desktop Free Trial

portswigger.net

🇬🇧 United Kingdom

Quick Facts

Open Source
Yes
Platforms
windowsmaclinux
API Available
yes
Account
Required
Skill Level
advanced
Offline Capable
Yes
Output Formats
htmlxmljson

What it does

A modular web security platform designed to help researchers map attack surfaces and find vulnerabilities. Features a powerful HTTP history log, advanced request repeater for manual testing, and the Intruder for sophisticated fuzzing and brute-force attacks. Includes specialized tools for analyzing session tokens (Sequencer), comparing site maps (Comparer), and performing out-of-band application security testing via Burp Collaborator. Professional edition adds an automated vulnerability scanner and Burp AI assistance. Highly extensible via the BApp Store with 300+ community extensions and the Montoya API for custom plugins.

Video Tutorial

Video tutorial for Burp Suite

When to use it

  • Web application penetration testing
  • API security testing and fuzzing
  • Session token analysis and cryptographic testing
  • Manual testing with request modification and replay
  • Automated vulnerability scanning (Professional)

When not to use it

  • Simple traffic viewing (use browser DevTools)
  • Non-HTTP protocols
  • Network-level penetration testing
  • When you need free automated scanning

Limitations

  • Community edition lacks automated scanner
  • Professional license required for advanced features ($499/year)
  • Steep learning curve for beginners
  • Resource-intensive for large target applications

Frequently Asked Questions

Is Burp Suite free to use?
Burp Suite offers a free trial. A subscription is required for full access.
What platforms does Burp Suite support?
Burp Suite is available on Windows, macOS, Linux.
Does Burp Suite require an account?
Yes, Burp Suite requires an account to use.
Is Burp Suite open source?
Yes, Burp Suite is open source.
What are the limitations of Burp Suite?
Community edition lacks automated scanner Professional license required for advanced features ($499/year) Steep learning curve for beginners
What does Burp Suite do?
Burp Suite is a desktop tool for http traffic interception. A modular web security platform designed to help researchers map attack surfaces and find vulnerabilities. Features a powerful HTTP history log, advanced request repeater for manual testing, and the I
Comparing (/4):

Tool Comparison

Feature
Type
Pricing
Platforms
Description