Burp Suite Professional is the web security tester’s toolkit of choice. Use it to automate repetitive testing tasks – then dig deeper with its expert-designed manual and semi-automated security testing tools. Burp Suite Professional can help you to test for OWASP Top 10 vulnerabilities – as well as the very latest hacking techniques.

• Manual penetration testing features
  Intercept everything your browser sees
  Burp Suite’s built-in browser works right out of the box – enabling you to modify every HTTP message that passes through it.Quickly assess your target
  Determine the size of your target application. Auto-enumeration of static and dynamic URLs, and URL parameters.Speed up granular workflows
  Modify and reissue individual HTTP and WebSocket messages, and analyze the response – within a single window.

  Manage recon data
  All target data is aggregated and stored in a target site map – with filtering and annotation functions.

  Expose hidden attack surface
  Find hidden target functionality with an advanced automatic discovery function for “invisible” content.
  Break HTTPS effectively
  Proxy even secure HTTPS traffic, using Burp Suite’s built-in instrumented browser.

  Work with HTTP/2
  Burp Suite offers unrivaled support for HTTP/2-based testing – enabling you to work with HTTP/2 requests in ways that other tools cannot.

  Work with WebSockets
  WebSockets messages get their own specific history – allowing you to view and modify them.

  Manually test for out-of-band vulnerabilities
  Make use of a dedicated client to incorporate Burp Suite’s out-of-band (OAST) capabilities during manual testing.

  DOM Invader
  Use Burp Suite’s built-in browser to test for DOM XSS vulnerabilities more easily – with DOM Invader.

  Assess token strength
  Easily test the quality of randomness in data items intended to be unpredictable (e.g. tokens).