burpsuite
Web application security testing and vulnerability analysis
TLDR
- Start Burp Suite
- Start Burp Suite using the default configuration
- Open a specific project file
- Load a specific configuration file
- Start without extensions
SYNOPSIS
burpsuite [options]
(Note: The exact command or wrapper-script name may vary with the installation path and OS. It is often a script that executes 'java -jar burpsuite.jar' and passes the given arguments through.)
PARAMETERS
-project-file
    Loads or creates a project file, allowing persistence of work across sessions.
-config-file
    Loads configuration settings from a specified XML configuration file.
-user-config-file
    Loads user-specific configuration settings from a separate XML file.
-headless
    Runs Burp Suite in headless mode, without a graphical user interface (primarily for Professional edition automation and CI/CD integration).
-data-path
    Specifies the directory where Burp Suite stores its temporary data files.
-disable-auto-save
    Prevents the current project from being automatically saved.
-disable-extensions
    Disables all installed Burp extensions (BApps) upon startup.
-log-file
    Redirects Burp Suite's console output and log messages to a specified file.
-help
    Displays a list of available command-line options and their descriptions.
DESCRIPTION
Burp Suite is an integrated platform for performing security testing of web applications. Developed by PortSwigger, it provides a comprehensive set of tools, including an intercepting proxy, a web vulnerability scanner, automated attack tooling (Intruder), manual manipulation tools (Repeater, Decoder), and session-token randomness analysis (Sequencer). It allows security professionals to intercept, inspect, and modify HTTP and HTTPS traffic, automate custom test cases, identify vulnerabilities, and analyze web application behavior. Burp Suite is widely adopted by cybersecurity professionals, penetration testers, and developers for both manual and automated security assessments. While primarily a graphical user interface (GUI) application, it supports command-line arguments for launching with specific configurations, loading project files, or running headless automation (Professional edition).
CAVEATS
- Burp Suite is a Java application and requires a compatible Java Runtime Environment (JRE) to be installed on the system. The specific Java version needed can vary with Burp Suite releases.
- While it supports command-line options, Burp Suite is primarily designed for interactive use via its graphical user interface. Most advanced features and detailed analysis are performed through the GUI.
- Memory consumption can be significant, especially when dealing with large projects, extensive scanning, or heavy traffic. Users often need to allocate more JVM memory (e.g., using `java -Xmx2G -jar burpsuite.jar`).
- The `burpsuite` command on Linux is often a wrapper script. For advanced Java Virtual Machine (JVM) arguments, direct execution of the JAR file (`java -jar burpsuite.jar`) might be required.
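As an added example (not PortSwigger's own launcher script), a POSIX sh wrapper that addresses the caveats above: it checks that a sufficiently recent Java is on PATH, sets the JVM heap explicitly, and assembles the command line with the -project-file and -config-file options listed under PARAMETERS. The jar path, default heap and minimum Java version are assumptions; confirm the option spellings with the -help option on your installation.

```shell
#!/bin/sh
# Added example, not PortSwigger's own wrapper: validates the Java runtime,
# sets an explicit heap size and launches Burp with a project (and optional
# config) file. Paths and the minimum Java version below are assumptions.

BURP_JAR=${BURP_JAR:-/opt/burpsuite/burpsuite.jar}   # assumed location
BURP_HEAP=${BURP_HEAP:-2G}                            # JVM -Xmx value
BURP_MIN_JAVA=17                                      # assumed minimum

# java_major "<output of java -version>": print the major version number.
# Handles both the old "1.8.0_292" and the new "17.0.9" / "21" schemes.
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    case "$ver" in
        1.*) printf '%s\n' "$ver" | cut -d. -f2 ;;
        *)   printf '%s\n' "$ver" | cut -d. -f1 ;;
    esac
}

# burp_cmdline JAR HEAP PROJECT [CONFIG]: print the invocation one argument
# per line so it can be reviewed or logged before anything is executed.
# Option spellings follow the PARAMETERS section of this page.
burp_cmdline() {
    jar=$1; heap=$2; project=$3; config=${4:-}
    printf '%s\n' java "-Xmx$heap" -jar "$jar" -project-file "$project"
    [ -n "$config" ] && printf '%s\n' -config-file "$config"
    return 0
}

# burp_launch PROJECT [CONFIG]: check the environment, log the command
# line, then replace this shell with the JVM (arguments passed unsplit).
burp_launch() {
    project=$1; config=${2:-}
    command -v java >/dev/null 2>&1 || { echo "java not found in PATH" >&2; return 1; }
    major=$(java_major "$(java -version 2>&1)")
    if [ "${major:-0}" -lt "$BURP_MIN_JAVA" ]; then
        echo "Java $BURP_MIN_JAVA+ required, found major version '$major'" >&2
        return 1
    fi
    [ -r "$BURP_JAR" ] || { echo "cannot read $BURP_JAR" >&2; return 1; }
    [ -f "$project" ] && echo "opening existing project $project" >&2
    echo "launching:" >&2
    burp_cmdline "$BURP_JAR" "$BURP_HEAP" "$project" "$config" >&2
    set -- java "-Xmx$BURP_HEAP" -jar "$BURP_JAR" -project-file "$project"
    [ -n "$config" ] && set -- "$@" -config-file "$config"
    exec "$@"
}
```

Invoke as `burp_launch /path/to/project.burp [/path/to/config]` from a script that sources this file; `BURP_JAR` and `BURP_HEAP` can be overridden in the environment.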
EDITIONS
Burp Suite is available in two primary editions: the Community Edition (free, offering basic manual tools like Proxy, Repeater, Decoder, and Comparer) and the Professional Edition (paid, providing full functionality including the advanced vulnerability scanner, headless automation capabilities, Intruder, Sequencer, and a wider array of features).
EXTENSIBILITY
A key feature of Burp Suite Professional is its extensibility via the BApp Store. Users can install extensions (BApps) developed by the community or PortSwigger, written in Java, Python, or Ruby, which significantly expand Burp's capabilities for specialized tasks, integrations, and custom analyses.
HISTORY
Burp Suite was initially developed by Dafydd Stuttard, the founder of PortSwigger Web Security. The first public release of Burp Suite Free was in 2004. Over the years, it has undergone continuous development, with regular updates introducing new features, tools, and performance enhancements. It rapidly gained recognition and established itself as a leading tool for web penetration testing. The Professional edition, launched later, brought advanced capabilities such as the Burp Scanner, headless mode for automation, and an extensive BApp Store for extensibility, solidifying its position as an industry-standard tool.
SEE ALSO
owasp-zap(1), proxychains(1), curl(1), nmap(1), wireshark(1)