Burp Suite
What is Burp Suite?
Burp Suite: An intercepting web proxy and testing toolkit by PortSwigger, used to discover, manipulate, and exploit vulnerabilities in HTTP and HTTPS applications.
Burp Suite is the industry-standard web application security testing platform created by Dafydd Stuttard and developed by PortSwigger. It combines an intercepting proxy, Repeater, Intruder, Decoder, a scanner, and an Extender API for extensions (BApps), and is used by application security engineers, bug bounty hunters, and penetration testers. Burp ships in a free Community edition and in commercial Professional and Enterprise editions; the Professional version includes the active vulnerability scanner used in many AppSec workflows. Testing is only lawful against systems for which the user has explicit written permission, such as a defined scope in a pentest engagement or bug bounty program.
● Examples
1. Tampering with a JWT in the Repeater tab to confirm an authorization bypass.
2. Running Intruder with a payload list to test for SQL injection in a search parameter.
● Frequently asked questions
What is Burp Suite?
An intercepting web proxy and testing toolkit by PortSwigger, used to discover, manipulate, and exploit vulnerabilities in HTTP and HTTPS applications. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against Burp Suite?
Burp Suite is a testing tool rather than an attack in itself. Defending against its misuse means hardening the web application being tested, combining technical controls with operational practices.
What are other names for Burp Suite?
Common alternative names include: Burp, BurpSuite.
● Related terms
- Penetration Testing (defense-ops): An authorized, simulated cyberattack against systems, applications, or people to identify exploitable weaknesses before real adversaries do.
- DAST (Dynamic Application Security Testing) (appsec): Black-box security testing that probes a running application over the network to find vulnerabilities visible only at runtime, such as injection, authentication flaws and misconfigurations.
- OWASP Top 10 (compliance): An OWASP awareness document that lists the most critical security risks to web applications, updated periodically from real-world vulnerability data.
- SQL Injection (attacks): A code-injection attack that smuggles attacker-controlled SQL into a database query, letting the attacker read, modify, or destroy data.
- Cross-Site Scripting (XSS) (attacks): A web vulnerability that allows attackers to inject malicious scripts into pages viewed by other users, executing in the victim's browser under the site's origin.
- Bug Bounty Hunter (roles): An independent security researcher who finds and reports vulnerabilities to vendors through bug-bounty or coordinated-disclosure programs, in exchange for monetary rewards and recognition.
● See also
- Kali Linux
- mitmproxy