6/13/25, 9:31 AM Features - Burp Suite Professional
Burp Suite Professional
Features
A comprehensive suite of tools to efficiently discover and exploit vulnerabilities in web apps and
APIs.
https://portswigger.net/burp/pro/features 1/9
"I just renewed my annual subscription. Burp Suite is one of the best and affordable
Cyber Security products! My thanks go out to the team for providing such an
indispensable tool. AppSec would be lost without you."
Daniel Oakley, Cyber Security Professional.
Manual penetration testing features
Log, intercept, and manipulate HTTPS and WebSocket traffic right out of the box with Burp's built-in browser and proxy.
Automatically map the attack surface with the industry's leading crawler.
Expose hidden attack surface with auto-enumeration of static and dynamic URLs and parameters.
Manage recon data in a target site map.
Easily detect otherwise invisible vulnerabilities with out-of-the-box tools for out-of-band testing (OAST).
Simplify testing for DOM-based vulnerabilities with DOM Invader.
Assess token strength to test the quality of randomness in data items.
Work with binary HTTP/2 requests in a familiar, HTTP/1-like format, and seamlessly alternate between
protocols with Burp's unrivalled HTTP/2 support.
Burp's Proxy Intercept view
Advanced / custom automated attacks
Conduct faster brute-forcing and fuzzing with custom sequences of HTTP requests and payload
sets.
Capture, filter, and query automated attack results.
Easily generate CSRF proof-of-concept attacks.
Passively scan as you browse, or perform active scans on individual URLs and specific inputs.
Automatically modify HTTP messages with match and replace rules for both responses and requests.
Automated scanning for vulnerabilities
Scan your applications using a built-in browser, which navigates complex JavaScript-heavy apps
and SPAs, just like a user.
Scan OpenAPI, GraphQL, and SOAP APIs based on a definition file, either discovered during a
crawl or uploaded manually.
Fuel vulnerability coverage with logic from PortSwigger Research.
Scan privileged areas of target applications with authenticated scanning.
Conquer client-side attack surfaces with the built-in JavaScript analysis engine.
Configure scan behavior to customize what you audit, and how.
Quickly create custom scan checks (BChecks) using a simple, purpose-built language.
Utilize authentication in API scanning
Improve your productivity with a number of tools
Deep-dive message analysis with the feature-rich HTTP editor.
Utilize both built-in and custom configurations.
Automatically keep a persistent log of all your testing activities using project files.
Store and annotate interesting messages with Burp Organizer.
Automatically pretty-print formats including JSON, JavaScript, CSS, HTML, and XML.
Easily remediate scan results.
Cut through the noise with advanced search, filtering, and sorting features.
Simple reporting with automated report generation.
Unleash the power of Burp Suite with unrivalled extensibility
Explore the unrivalled BApp store for community-created extensions.
Create custom extensions with the Montoya API.
Customize Burp Suite using small snippets of Java with Bambdas.
Convert between various encodings with Hackvertor.
Hunt for niche Java-specific vulnerabilities with J2EE Scan.
Quickly find unkeyed inputs with Param Miner.
Unleash thousands of requests per second with Turbo Intruder.
Perform repeat requests when testing for broken access controls with Autorize.
Adapt Burp's Scanner attacks with Upload Scanner.
Find research-grade bugs with Backslash Powered Scanner.
Tweak offsets automatically with HTTP Request Smuggler.
250+ BApp authors
300+ Extensions
Automate customized attacks with Burp Intruder
“Checking out the new Bambdas for proxy filtering that Burp Suite just
launched. Quickly parsing through all my history to identify improperly set
Content-Types. It will definitely come in handy to be able to create these
powerful filters from now on!”
Carles Llobet Pons, Cyber Security Professional.
Try Burp Suite Professional for free
The most complete and widely used pentesting toolkit available.
© 2025 PortSwigger Ltd.