Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.
The Burp Proxy project allows you to find and exploit application vulnerabilities by monitoring and manipulating critical parameters and other data transmitted by the application. By modifying browser requests in various malicious ways, Burp Proxy can be used to perform attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows.
Here are some key features of "Burp Proxy":
· Full HTTP and HTTPS proxy server.
· Text and hex-editing of intercepted traffic, so even binary data can be manipulated.
· Detailed analysis and rendering of all requests and responses, with parsing of parameters, headers and various media content.
· Full history of all requests, modifications and responses, with ability to view cached requests and responses, and to reissue and re-modify individual requests.
· Fine-grained rules governing interception of requests and responses, based on practically any message attribute.
· Search and highlight of intercepted message text.
· Full integration with other Burp Suite tools.
· Support for downstream proxy server.
· Authentication to downstream proxy and web servers, using basic, NTLM or digest authentication types.
· Automated regex-based manipulation of HTTP requests and responses.
· GUI front-end and in-browser controls.
· Automatic update of Content-Length header in modified messages.
· Extensibility via the IBurpExtender interface.
· Runs on both Linux and Windows.
· Requires Java Runtime Environment 1.5 or later (tested with JRE 6 on Ubuntu 7.10).
What's New in This Release:
· Improved analysis and rendering of HTTP requests and responses.
· Support for custom client and server SSL certificates.
· Interception rules based on parameter names and values.
· Automated match-and-replace operates on message body as well as headers.
· "Previous" and "next" buttons to facilitate browsing of the request history.