Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Key features unique to Burp Suite include:

• Detailed analysis and rendering of requests and responses.
• One-click transfer of interesting requests between tools.
• Site map showing information accumulated about target applications in tree and table form.
• Ability to "passively" spider an application in a non-intrusive manner, with all requests originating from the user's browser.
• Suite-level target scope configuration, driving numerous individual tool actions.
• Fully fledged web vulnerability scanner. [Pro version only]
• Ability to save and restore state. [Pro version only]
• FIPS-compliant statistical analysis of session token randomness.
• Utilities for decoding and comparing application data.
• A range of engagement tools, to make your work faster and more effective. [Pro version only]
• Suite-wide search function. [Pro version only]
• Support for custom client and server SSL certificates.
• Extensibility via the IBurpExtender interface.
• Centrally configured settings for upstream proxies, web and proxy authentication, and logging.
• Tools can run in a single tabbed window, or be detached in individual windows.
• Runs in both Linux and Windows.

Read more about the individual Burp Suite tools:  Proxy  Spider  Scanner  Intruder  Repeater  Sequencer  Decoder  Comparer

Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from java.sun.com.

For examples of Burp Suite in action, see the screenshots, or for detailed information about the configuration and use of Burp Suite, see the help file.

Read some success stories about people's experiences using Burp.

Download Burp Suite.