Home

 

 

Blog

 

Burp suite

 

Burp intruder

 

Burp proxy
About
Screenshots
Help
Download

 

Burp spider

 

Burp sequencer

 

Burp repeater

 

Books

 

Misc

 

 

RSS

 



Search site
 




Burp Proxy

Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.

Burp Proxy allows you to find and exploit application vulnerabilities by monitoring and manipulating critical parameters and other data transmitted by the application. By modifying browser requests in various malicious ways, Burp Proxy can be used to perform attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows.

Key features include:

  • Full HTTP and HTTPS proxy server.
  • Text and hex-editing of intercepted traffic, so even binary data can be manipulated.
  • Detailed analysis and rendering of all requests and responses, with parsing of parameters, headers and various media content.
  • Full history of all requests, modifications and responses, with ability to view cached requests and responses, and to reissue and re-modify individual requests.
  • Fine-grained rules governing interception of requests and responses, based on practically any message attribute.
  • Search and highlight of intercepted message text.
  • Full integration with other Burp Suite tools.
  • Support for downstream proxy server.
  • Authentication to downstream proxy and web servers, using basic, NTLM or digest authentication types.
  • Automated regex-based manipulation of HTTP requests and responses.
  • GUI front-end and in-browser controls.
  • Automatic update of Content-Length header in modified messages.
  • Extensibility via the IBurpExtender interface.
  • Runs in both Linux and Windows.

New features in version 1.4 include:

  • Improved analysis and rendering of HTTP requests and responses.
  • Support for custom client and server SSL certificates.
  • Interception rules based on parameter names and values.
  • Automated match-and-replace operates on message body as well as headers.
  • "Previous" and "next" buttons to facilitate browsing of the request history.

Burp Proxy is part of the Burp Suite of web application hack tools. For examples of Burp Proxy in action, see the screenshots, or for detailed information about the configuration and use of Burp Proxy, see the help file.

Download Burp Proxy.

 

Copyright (c) 2007 PortSwigger. All rights reserved.