Burp Tools
Burp Suite contains various tools for performing different testing tasks.
The tools operate effectively together, and you can pass interesting
requests between tools as your work progresses, to carry out different
actions.
Use the links below to read the detailed help on each of the individual
Burp tools:
- Target - This tool contains detailed information about your target applications, and lets you drive the process of testing for vulnerabilities.
- Proxy - This is an intercepting web proxy that operates as a man-in-the-middle between the end browser and the target web application. It lets you intercept, inspect and modify the raw traffic passing in both directions.
- Spider - This is an intelligent application-aware web spider that can crawl an application to locate its content and functionality.
- Scanner [Pro version] - This is an advanced web vulnerability scanner, which can automatically discover numerous types of vulnerabilities.
- Intruder - This is a powerful tool for carrying out automated customized attacks against web applications. It is highly configurable and can be used to perform a wide range of tasks to make your testing faster and more effective.
- Repeater - This is a simple tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application's responses.
- Sequencer - This is a sophisticated tool for analyzing the quality of randomness in an application's session tokens or other important data items that are intended to be unpredictable.
- Decoder - This is a useful tool for performing manual or intelligent decoding and encoding of application data.
- Comparer - This is a handy utility for performing a visual "diff" between any two items of data, such as pairs of similar HTTP messages.
- Extender - This lets you load Burp extensions, to extend Burp's functionality using your own or third-party code.
Monday, November 3, 2014
v1.6.07
This release contains various enhancements to the Scanner engine logic, to improve both the reliability of issue reporting, and the quality of proof-of-concept exploits. Improvements have been made to the following checks:
- OS command injection
- SQL injection
- HTTP response header injection
- File path traversal
- Server-side JavaScript / NoSQL injection
- Reflected cross-site scripting
- Various DOM-based issues
- Open redirection