Burp Suite

Burp Suite is a program for comprehensive checking web applications for vulnerabilities. It is developed in Java, so the application is cross-platform, i.e. it is available on Windows, BSD-based, Linux, MacOS. It is also preinstalled by default in Kali Linux. The program itself has an app-manager for installing user-created add-ons.

Functionality

With the program you can:

1. Form the web application tree. The user can divide the repository into files, folders.
2. Generate modified requests. Get technical baseline information about the web app: when certificate, WHOIS data, registrar.
3. Automatically scan your sites and web apps for common vulnerabilities. Available only in the PRO edition of Burp Suite.

Available tools

Create a virtual proxy server before launching the software - all requests will be routed through it. For offline testing the value localhost:8080 is used. Then after starting the program you need to specify the directory or address of the web application.

User tools:

• Spider - performs gathering of data, technical information, builds the structure of the server;
• Repeater - intercepts and edits requests, supports HTTPS, but only if the SSL certificate is installed in the directory;
• Intruder - random key generator to access the admin panel;
• Scanner - vulnerability scanner utility.

Detailed manual in Russian on the application is available at the developer's website. We highly recommend you check it out before you start using the program as the interface is not russified (there is a user's translation).

Who needs it

Burp Suite for Linux or other operating systems is useful for developers of web applications to perform self testing of their projects before publishing them. Owners of online services can also use the program to evaluate the website resistance to hacking. Similar applications by functionality: Zed Proxy, Acunetix, Netsparker.

Download Burp Suite for free on our website.