Burp Suite is a software package for testing the security of websites and web applications. It is written in Java, so it runs on Windows, Linux and macOS. It supports installation of third-party extensions (via the BApp Store repository) and is available in two editions: Free (free, no vulnerability scanner) and Pro (full functionality, support from the developer). The base edition is integrated into Kali Linux.
Features of Burp Suite
With Burp Suite for Linux you can:
- map web applications and sites (showing the file and folder structure);
- modify requests on the fly (through a proxy connection, only for non-SSL sites);
- collect data about sites and web applications (information about the certificate, registrar, WHOIS);
- scan web resources for known vulnerabilities (Pro version only).
The software also supports HTTPS, but in this case you need to install a certificate in your browser.
Before you start using Burp Suite you need to set up a proxy, so that all requests to the site pass through it. That is, make the appropriate settings in your browser (it is recommended to use Chrome or Mozilla). For offline sites the proxy address is localhost:8080. The official website of the developer (PortSwigger) has a detailed manual in Russian. Burp Suite also requires the Java SDK to be installed in the operating system (you can check whether it is present by running java -version in the terminal).
The nearest analogues of the program are Mitmproxy, Zed Attack, Acunetix.
Built-in tools of Burp Suite
The basic Burp Suite includes the following utilities:
- proxy (a tool for deploying a proxy server either on a PC or on a remote server);
- spider (collects information about the site or web application);
- repeater (a tool for editing requests);
- intruder (a utility for key matching and for getting unauthorized access to the site);
- scanner (only in the Pro version, shows detected vulnerabilities).
Users can install additional tools (both paid and free) from the BApp Store. They can be used for in-depth vulnerability analysis against common exploits. The scanner does the same, but in automatic mode and in several scenarios at once.