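Burp Suite is a graphical tool for testing the security of web applications. The tool is written in Java and developed by PortSwigger Web Security. It comes in three editions: a Community Edition that can be downloaded free of charge, a Professional Edition, and an Enterprise Edition that can be purchased after a trial. The Community Edition has significantly reduced functionality. It was developed to provide a comprehensive solution for web application security checks. In addition to basic functionality such as the proxy server, Scanner and Intruder, the tool also includes more advanced options such as Spider, Repeater, Decoder, Comparer, Extender and Sequencer.
Burp Suite is an integrated platform for attacking web applications. From the most basic mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities, Burp Suite lets the attacker combine manual and automated techniques to enumerate, analyse and attack web applications. The various Burp tools work together, sharing information effectively and allowing information from one tool to serve as the basis for an attack launched with another. All of the tools share one robust framework that handles and displays HTTP messages, persistence, authentication, proxies, logging and alerting.
Features
Proxy: runs Burp as a web proxy that sits between the browser and the target web server.
This lets you intercept, inspect and modify the HTTP content passing through Burp in both directions.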
What operating systems does Burp Suite Professional software run on?
Burp Suite Professional requires a computer with the official Java Runtime Environment (64-bit edition, version 1.7 or later) installed. JREs are available for various popular operating systems, including Windows, Linux and Mac OS X. If you are unsure whether your computer is suitable, you should first test the free community edition of Burp Suite on your computer to satisfy yourself that it works correctly.
What are the system requirements for running Burp Suite Professional software?
For the best experience with Burp Suite Professional, we recommend using a machine with at least 8 GB of memory and 2 CPU cores. If you are performing large amounts of work, or testing large or complex applications, you may need more memory than this. If you are unsure whether your computer is suitable, we recommend first testing Burp Suite Community Edition on your machine to satisfy yourself that it works correctly.
What operating systems does Burp Suite Enterprise Edition software run on?
Burp Suite Enterprise Edition requires a 64-bit machine running a modern Windows, Linux, or MacOS operating system. Note that multiple machines may be required depending on your intended usage.
Burp Suite Enterprise Edition system requirements
The system requirements for machines running Burp Suite Enterprise Edition are highly dependent on a variety of factors. These factors include:
How many concurrent scans you want to run
The nature and scope of the application being scanned
The number of issues reported
The number of active users of the Burp Suite Enterprise Edition web UI and APIs
Whether you are using a fully bundled deployment or have split the different components across multiple machines
Whether you have enabled Burp Scanner’s experimental new browser-powered scanning engine
As a result, the system requirements listed in this section are general recommendations that should provide satisfactory performance for most use cases. When provisioning machines, please be aware that you might need to upgrade them later depending on your actual usage.
General requirements
The following requirements apply regardless of your preferred deployment method:
All machines on which Burp Suite Enterprise Edition components are installed must have a 64-bit architecture.
The disk location (configured during the installation process) must reside on locally attached storage rather than a network file system. Please note that the free space required is not only for the up-front installation. Disk space is used for storage of ephemeral data during scans and product updates.
Be aware that to get the most out of Burp Suite Enterprise Edition, you will need to assign multiple agents to a machine. In many cases, this will require you to use a dedicated server or server-class virtual machine in order to meet the system requirements.
Bundled deployment
If you decide to use the bundled deployment option, assigning agents to your Enterprise server machine rather than to dedicated external machines, the following system requirements apply.
Note: Browser-powered scanning (BPS) requires a machine with more RAM but achieves greater coverage during scans.
|  | Free disk space | RAM (BPS enabled) | RAM (BPS disabled) | CPU cores |
| --- | --- | --- | --- | --- |
| Base installation | 10 GB | 16 GB | 16 GB | 4 |
| Per agent | + 20 GB | + 8 GB | + 4 GB | 4 |
| Total with 2 agents | 50 GB | 32 GB | 24 GB | 12 |
| Total with 5 agents | 110 GB | 56 GB | 36 GB | 24 |
| Total with 10 agents | 210 GB | 96 GB | 56 GB | 44 |
External agent machines
Instead of assigning agents to your Enterprise server machine, you can deploy dedicated external machines on which your agents will run when performing scans. For each external agent machine, the following system requirements apply:
Note: Browser-powered scanning (BPS) requires a machine with more RAM but achieves greater coverage during scans.
|  | Free disk space | RAM (BPS enabled) | RAM (BPS disabled) | CPU cores |
| --- | --- | --- | --- | --- |
| Base installation | 10 GB | 2 GB | 2 GB | 2 |
| Per agent | + 20 GB | + 8 GB | + 4 GB | 4 |
| Total with 2 agents | 50 GB | 18 GB | 10 GB | 10 |
| Total with 5 agents | 110 GB | 42 GB | 22 GB | 22 |
| Total with 10 agents | 210 GB | 82 GB | 42 GB | 42 |
Database and storage space
The amount of data that might be accumulated by Burp Suite Enterprise Edition depends on the number of scans that you perform and how many issues they find. The following table provides an approximate indication of the quantity of data that is likely to be accumulated:
| Number of scans | Data storage |
| --- | --- |
| 1000 | 500Mb |
| 10000 | 5Gb |
| 100000 | 50Gb |
The following types and versions of external databases have been tested and are fully supported: