Arm yourself with the leading toolkit for web security testing
Burp Suite Professional is an advanced set of tools for testing web security – all within a single product. From a basic intercepting proxy to a cutting-edge vulnerability scanner, with Burp Suite Pro, the right tool is never more than a click away.
Our powerful automation gives you more opportunity to do what you do best, while Burp Suite handles low-hanging fruit. Advanced manual tools will then help you identify your target’s more subtle blind spots.
Burp Suite Pro is built by a research-led team. This means that before we even publish a paper, its findings have been included in our latest update. Our pentesting tools will make your job faster while keeping you informed of the very latest attack vectors.
Manual penetration testing features
Intercept everything your browser sees
A powerful proxy/history lets you modify all HTTP(S) communications passing through your browser.
Manage recon data
All target data is aggregated and stored in a target site map – with filtering and annotation functions.
Expose hidden attack surface
Find hidden target functionality with an advanced automatic discovery function for “invisible” content.
Test for clickjacking attacks
Generate and confirm clickjacking attacks for potentially vulnerable web pages, with specialist tooling.
Work with WebSockets
WebSockets messages get their own specific history – allowing you to view and modify them.
Break HTTPS effectively
Proxy even secure HTTPS traffic. Installing your unique CA certificate removes associated browser security warnings.
Manually test for out-of-band vulnerabilities
Make use of a dedicated client to incorporate Burp Suite’s out-of-band (OAST) capabilities during manual testing.
Speed up granular workflows
Modify and reissue individual HTTP and WebSocket messages, and analyze the response – within a single window.
Quickly assess your target
Determine the size of your target application. Auto-enumeration of static and dynamic URLs, and URL parameters.
Assess token strength
Easily test the quality of randomness in data items intended to be unpredictable (e.g. tokens).
Advanced/custom automated attacks
Faster brute-forcing and fuzzing
Deploy custom sequences of HTTP requests containing multiple payload sets. Radically reduce time spent on many tasks.
Query automated attack results
Capture automated results in customized tables, then filter and annotate to find interesting entries/improve subsequent attacks.
Construct CSRF exploits
Easily generate CSRF proof-of-concept attacks. Select any suitable request to generate exploit HTML.
Facilitate deeper manual testing
See reflected/stored inputs even when a bug is not confirmed. Facilitates testing for issues like XSS.
Scan as you browse
The option to passively scan every request you make, or to perform active scans on specific URLs.
Automatically modify HTTP messages
Settings to automatically modify responses. Match and replace rules for both responses and requests.
Automated scanning for vulnerabilities
Harness pioneering OAST technology
High signal: low noise. Scan with pioneering, friction-free, out-of-band application security testing (OAST).
Conquer client-side attack surfaces
Fuel vulnerability coverage with research
Cutting-edge scan logic from PortSwigger Research combines with coverage of over 100 generic bugs.
Fine-tune scan control
Get fine-grained control, with a user-driven scanning methodology. Or, run “point-and-click” scans.
Remediate bugs effectively
Custom descriptions and step-by-step remediation advice for every bug, from PortSwigger Research.
Configure scan behavior
Customize what you audit, and how. Skip specific checks, fine-tune insertion points, and much more.
Navigate difficult applications
Crawl more complex targets. Burp Suite’s crawler identifies locations based on content – not just URL.
Effectively apply IAST
Source identification and vulnerability reporting simplified, with optional code instrumentation.
Experience browser-driven scanning
Browser-driven scanning is already striding toward better coverage of tricky targets like AJAX-heavy single page apps.
Deep-dive message analysis
Show follow-up, analysis, reference, discovery, and remediation in a feature-rich HTTP editor.
Utilize both built-in and custom configurations
Access predefined configurations for common tasks, or save and reuse custom configurations.
Multiply project options
Auto-save all working projects to disk, and add configurations to pre-saved projects.
Make code more readable
Easily remediate scan results
See source, discovery, contents, and remediation, for every bug, with aggregated application data.
Simplify scan reporting
Customize with HTML/XML formats. Report all evidence identified, including issue details.
Speed up data transformation
Decode or encode data, with multiple built-in operations (e.g. Hex, Octal, Base64).
Create custom extensions
Extender API ensures universal adaptability. Code custom extensions to make Burp work for you.
For in-depth vulnerability detail, ordered and arranged in an easily accessible table, make use of Logger++.
When testing for authorization vulnerabilities, save time and perform repeat requests with Autorize.
Configured in Python, with a custom HTTP stack, Turbo Intruder can unleash thousands of requests per second.
Expand your Java-specific vulnerability catalogue and hunt the most niche bugs, with J2EEScan.
Backslash Powered Scanner
Find research-grade bugs, and bridge human intuition and automation, with Backslash Powered Scanner.
Access the extension library
The BApp Store customizes and extends capabilities. Over 250 extensions, written and tested by Burp users.
Adapt Burp Scanner’s attacks by uploading and testing multiple file-type payloads, with Upload Scanner.
Integrate with the Retire.js repository to check for known bugs using software composition analysis (SCA).
Run AuthMatrix with Autorize to define your access-level vulnerability authorization check.
Quickly find unkeyed inputs with Param Miner, which can guess up to 65,000 parameter names per second.
LOGON is a pan-Asian company operating in China, Hong Kong (HK), India, Singapore, Malaysia, Indonesia, Vietnam, Philippines and Thailand. LOGON has local, dedicated, trained product specialists in Hong Kong, Guangzhou, Kuala Lumpur, Mumbai and Bangalore. LOGON acts as both value-added reseller and sole distributor for award-winning software solutions. Customers can buy new licenses and purchase upgrades and renewals from any of our local offices. Contact us for first-line support during evaluations and PoCs. We offer best-practices consulting services and classroom and online training. Check our site for the latest offers, special discounts, bundle deals, etc.
LOGON works with corporate clients and systems integrators by offering Vulnerability Management solutions that offer continuous monitoring, vector analytics and modeling, integration with the Software Development Life Cycle, and threat intelligence platforms, and that deliver graphical attack modeling and compliance reporting. LOGON offers products from Acunetix, NetSparker, Flexera / Secunia, etc. Other security solutions include Veracode, Whitehat, OPSWAT, Tenable, QUALYS, etc. These solutions offer both Static Analysis (SAST) and Dynamic Analysis (DAST) that help Penetration Testers test Vulnerability Remediation, Cyber Exposure needs and Risk Assessment.