 |
 Logo of PortSwigger, the company that develops Burp Suite | |
 | |
| Developer(s) | PortSwigger |
|---|---|
| Written in | Java |
| Type | Security testing |
| Website | portswigger |
Burp Suite is a proprietary software tool for security assessment and penetration testing of web applications.[1][2] It was initially developed in 2003-2006 by Dafydd Stuttard[3] to automate his own security testing needs, after realizing the capabilities of automatable web tools like Selenium.[4] Stuttard created the company PortSwigger to flagship Burp Suite's development. A community, professional, and enterprise version of this product are available.
Notable capabilities in this suite include features to proxy web-crawls (Burp Proxy),[5] log HTTP requests/responses (Burp Logger and HTTP History), capture/intercept in-motion HTTP requests (Burp Intercept),[6] and aggregate reports which indicate weaknesses (Burp Scanner).[7] This software uses a built-in database containing known-unsafe syntax patterns and keywords to search within captured HTTP requests/responses.[8]
Burp Suite possesses several penetration-type functionalities. A few built-in PoC services include tests for HTTP downgrade,[9] interaction with tool-hosted external sandbox servers (Burp Collaborator),[10] and analysis for pseudorandomization strength (Burp Sequencer).[11] This tool permits integration of user-defined functionalities through download of open-source plugins (such as Java Deserialization Scanner[12] and Autorize[13]).
- ^ Rahalkar, Sagar Ajay (2021). A Complete Guide to Burp Suite: Learn to Detect Application Vulnerabilities. Apress. ISBN 978-1-4842-6401-0.
- ^ Lozano, Carlos A.; Shah, Dhruv; Walikar, Riyaz Ahemed (2019-02-28). Hands-On Application Penetration Testing with Burp Suite. Packt Publishing. ISBN 9781788995283.
- ^ PortSwigger. "About". PortSwigger. Retrieved 2024-07-09.
- ^ PortSwigger (9 July 2020). "Ask me anything, with Burp Suite creator Dafydd Stuttard". YouTube. Retrieved 2020-07-09.
- ^ Rose, Adam (21 April 2023). "Proxy VM Traffic Through Burp Suite". FortyNorth Security. Retrieved 2024-07-09.
- ^ Setter, Matthew (6 December 2017). "Introduction to Burp Suite". Web Dev With Matt. Retrieved 2017-12-06.
- ^ Lavish, Zandt. "Intro to Burp Suite Automatic Scanning". GreatHeart. Retrieved 2022-07-12.
- ^ Shelton-Lefley, Tom. "Web Application Cartography: Mapping Out Burp Suite's Crawler". PortSwigger. Retrieved 2021-03-05.
- ^ PortSwigger. "HTTP/2 Normalization in the Message Editor". PortSwigger. Retrieved 2024-07-09.
- ^ Stuttard, Dafydd. "Introducing Burp Collaborator". PortSwigger. Retrieved 2015-04-16.
- ^ Stuttard, Dafydd. "Introducing Burp Sequencer". PortSwigger. Retrieved 2007-10-21.
- ^ "Java Deserialization Scanner". GitHub. Retrieved 2024-07-09.
- ^ "Autorize". GitHub. Retrieved 2024-07-09.