Burp Proxy


Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.

Burp Proxy allows you to find and exploit application vulnerabilities by monitoring and manipulating critical parameters and other data transmitted by the application. By modifying browser requests in various malicious ways, Burp Proxy can be used to perform attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows.

Key features include:

  • Full HTTP and HTTPS proxy server.
  • Detailed analysis and rendering of all requests and responses, with parsing of parameters, headers and various media content, and hex editing.
  • Full history of all requests, modifications and responses, with ability to view saved requests and responses, and to reissue and re-modify individual requests.
  • Fine-grained rules governing interception of requests and responses, based on practically any message attribute.
  • Search and highlight of intercepted message text.
  • Full integration with other Burp Suite tools.
  • Support for a downstream proxy server, and authentication to downstream proxy and web servers, using basic, NTLM or digest authentication types.
  • Automated regex-based manipulation of HTTP requests and responses.
  • GUI front-end and in-browser controls.
  • Extensibility via the IBurpExtender interface.
  • Support for custom client and server SSL certificates.
  • Runs on both Linux and Windows.

New Proxy features in Burp Suite v1.2 include:

  • Much improved request history, with preview pane, display filters and ability to delete items.
  • Ability to save and restore state. [Pro version only]
  • Facility for multiple request listeners, invisible proxying, and host redirection.
  • Options for automated HTML rewriting.
  • Integration with Suite-wide target scope configuration.

Burp Proxy is part of the Burp Suite of web application hacking tools. For examples of Burp Proxy in action, see the screenshots, or for detailed information about the configuration and use of Burp Proxy, see the help file.


Copyright (c) 2009 PortSwigger Ltd. All rights reserved. Email us.