Burp Suite
| Burp Suite | |
|---|---|
| Logo of PortSwigger, the company that develops Burp Suite | |
| Developer(s) | PortSwigger |
| Stable release | 2025.3.3 / 23 April 2025 |
| Written in | Java |
| Type | Security testing |
| Website | portswigger |
Burp Suite is a proprietary software tool for security assessment and penetration testing of web applications. It was initially developed in 2003-2006 by Dafydd Stuttard to automate his own security testing needs, after he realized the capabilities of automatable web tools like Selenium. Stuttard created the company PortSwigger to lead Burp Suite's development. Community, professional, and enterprise versions of the product are available.
Notable capabilities in the suite include proxying web crawls (Burp Proxy), logging HTTP requests and responses (Burp Logger and HTTP History), capturing and intercepting in-motion HTTP requests (Burp Intercept), and aggregating reports that indicate weaknesses (Burp Scanner). The software searches captured HTTP requests and responses using a built-in database of known-unsafe syntax patterns and keywords.
Burp Suite includes several penetration-testing functions. Built-in proof-of-concept (PoC) services include tests for HTTP downgrade, interaction with tool-hosted external sandbox servers (Burp Collaborator), and analysis of pseudorandomization strength (Burp Sequencer). The tool also supports user-defined functionality through downloadable open-source plugins (such as Java Deserialization Scanner and Autorize).