Burp Suite Community Edition is the free version of a web vulnerability scanner and penetration testing tool that also comes as its own product.
Created by PortSwigger, it is especially popular among white hat hackers as it makes penetration testing a breeze. Still, many non-tech savvy users have also used its capabilities successfully.
Founded in 2008, PortSwigger is a UK-based company headquartered in Knutsford and celebrated for coming up with some of the most widely used corporate cybersecurity software. Burp Suite is their top-notch release. This software is currently used by more than 60,000 users and 15,000 companies of all sizes around the world.
In its own words, PortSwigger’s mission is to “enable the world to secure the web,” and it’s clear that the company has come a long way since its humble beginnings.
PortSwigger’s official site benefits from a clear, color-coded, easy-to-understand design and provides plenty of information about its products. From there, you can jump over to their blog where you’ll find some well-written articles.
As far as social networking sites go, PortSwigger can be found on Twitter, LinkedIn, and GitHub.
Subscriptions and prices
As suggested in the section above, the community edition is completely free for all users.
The Professional Edition of Burp Suite comes as a single-user license, which means that every time a new user wants to install this edition, they must purchase a new license. This will set them back $399 a year, and while you can subscribe right away for one, two, three, four, five or ten years, you won’t be rewarded with any discount for making a long-term commitment.
However, you are invited to request a 30-day trial and try this product for free before making a purchase.
The third and final edition of Burp Suite is business-oriented and comes in the form of three full-featured plans ranging from $6,995 to $29,450 per year.
If you’re ready to buy one of the paid editions of Burp Suite, you can do so with all major credit/debit cards, PayPal, wire transfer, check, or Bitcoin.
Features and functionality
As is so often the case with free editions of proprietary products, Burp Suite Community Edition is short on features, consisting only of the manual penetration testing tools.
So if you still want to go with this plan, expect an HTTP(S)/WebSockets proxy with history, the essential Burp Suite tools (Repeater, Decoder, Sequencer and Comparer) and a demo version of Burp Intruder.
Since Burp Suite works as a web proxy, it sits between the web browser and the web server, letting the penetration tester intercept and inspect all traffic passing between the two.
The Repeater tool lets users modify and resend individual requests so they can probe specific applications for weaknesses.
As the name implies, the Decoder is there to decode encoded data and to encode source data into the required format.
The Sequencer is another analysis tool: it collects a sample of tokens and inspects them to gauge their randomness, examining the patterns and values across every variation in the sample.
Last but not least, the Comparer performs a comparison, or a visual “diff”, between two pieces of data that would be difficult to tell apart by eye.
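To make the Decoder, Sequencer and Comparer descriptions concrete, the following script shows the same three ideas in plain Python. It is an added example written for this review, not code from PortSwigger or Burp Suite: the layered-decoding step, the per-position entropy check over a constructed sample of session tokens, and the diff of two constructed HTTP responses are all illustrative and the sample values are made up.

```python
"""Added example (not Burp Suite code): Decoder-, Sequencer- and Comparer-style
checks in plain Python, run over constructed sample data."""
import base64
import difflib
import hashlib
import math
import urllib.parse
from collections import Counter


def decode_layers(value: str) -> str:
    """Decoder-style: strip URL encoding, then Base64, and return the plaintext."""
    url_decoded = urllib.parse.unquote(value)
    return base64.b64decode(url_decoded).decode("utf-8")


def shannon_entropy(symbols) -> float:
    """Entropy in bits of one multiset of symbols (one token position)."""
    counts = Counter(symbols)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def positional_entropy(tokens):
    """Sequencer-style: entropy in bits at each character position across the sample.
    All tokens are assumed to have the same length."""
    length = len(tokens[0])
    if any(len(t) != length for t in tokens):
        raise ValueError("tokens must all have the same length")
    return [shannon_entropy(t[i] for t in tokens) for i in range(length)]


def weak_positions(tokens, threshold_bits: float = 1.0):
    """Positions whose entropy falls below the threshold (i.e. nearly constant)."""
    return [i for i, h in enumerate(positional_entropy(tokens)) if h < threshold_bits]


def effective_bits(tokens) -> float:
    """Rough upper bound on the token's entropy: the sum over positions.
    Real analysis also needs cross-position correlation checks; this is a first pass."""
    return sum(positional_entropy(tokens))


def changed_spans(a: str, b: str):
    """Comparer-style: the regions where two responses differ, as (op, a_part, b_part)."""
    matcher = difflib.SequenceMatcher(None, a, b)
    return [(tag, a[i1:i2], b[j1:j2])
            for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"]


# Constructed samples (not captured from any real application).
# A weak scheme: fixed prefix and date followed by a zero-padded counter.
WEAK_TOKENS = [f"SESS20240101{i:05d}" for i in range(64)]
# A strong-looking scheme: 16 hex characters derived deterministically for the demo.
STRONG_TOKENS = [hashlib.sha256(f"seed-{i}".encode()).hexdigest()[:16] for i in range(64)]

RESPONSE_A = "HTTP/1.1 200 OK\nSet-Cookie: id=1"
RESPONSE_B = "HTTP/1.1 200 OK\nSet-Cookie: id=2"

if __name__ == "__main__":
    print(decode_layers("YWRtaW49dHJ1ZQ%3D%3D"))
    print("weak positions (weak sample):", weak_positions(WEAK_TOKENS))
    print("effective bits, weak vs strong:",
          round(effective_bits(WEAK_TOKENS), 2), round(effective_bits(STRONG_TOKENS), 2))
    print("diff:", changed_spans(RESPONSE_A, RESPONSE_B))
```

The weak sample has fifteen positions that never change, so almost all of its apparent length contributes nothing; the hex sample spreads its entropy across every position. Summing per-position entropy overstates the true unpredictability when positions are correlated, which is why a real Sequencer-style analysis also runs correlation and bit-level tests.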
If you opt for a professional edition of Burp Suite, you get all this and more, including the Intruder module, which acts as an amalgam of penetration testing tools and a complete web vulnerability scanner. It is customizable and automated, and attack probes can be integrated to work with it.
The enterprise edition offers a significantly different set of services compared to the community and professional editions, as it is built as a pipeline testing service that can run continuously with a whole set of probes simultaneously. It comes with out-of-the-box integrations for CI plugins, Jira, Jenkins, ThreadFix, and a “rich” API.
Interface and ease of use
If you are on PortSwigger’s official site, go to “Products” and select “Burp Suite Community Edition”, which will take you to the page with a download button. To download the software you will be asked to enter your email address, but you can skip this and go directly to the download page. Here, select the edition you want to use, the operating system (OS) you are using and tap “Download”.
The download and installation process should take no more than a few minutes and once the installation is complete, you will be able to access the Burp Suite user interface (UI).
It may seem a little confusing that all three Burp Suite editions use the same old-fashioned but well-thought-out user interface. However, you’ll soon notice that everything outside of the essentials is locked in the community edition.
Burp Suite’s user interface also has a dark mode, which is good (or bad) news to our eyes, depending on what scientific research you’ve consulted.
If you find yourself in need of a helping hand, PortSwigger has given you some helpful options. If you’re not in a rush, you can use their email address – the technical team is available 24 hours a day from Monday to Friday. They also add that there is no tiered support with PortSwigger, meaning you get equal treatment no matter which edition of Burp Suite you use.
As for the self-support options, PortSwigger’s support center should be useful enough. It is split into two primary sections, one dedicated to the enterprise edition of Burp Suite and the other to its professional and community counterparts. Both sections look good with easy to understand guides and a few video tutorials.
For some strange reason, people have mistaken Burp Suite for open-source software so much that PortSwigger had to include a question about it in their FAQ section. This couldn’t happen with OpenVAS because the name says it all – it’s open source and it’s a vulnerability assessment scanner, and a solid one to boot.
However, if you’re looking for an enterprise-level web security scanner and don’t mind paying a lot of money, Burp Suite might be a better choice.
Vulnerability Manager Plus is a cross-OS, priority-driven web vulnerability scanner that offers built-in remediation, and (like Burp Suite) it also comes in a free edition. However, this freemium is much richer in features than the community edition of Burp Suite – plus it’s more beginner-friendly.
Like Burp Suite, Probely is aimed at security teams and software developers. However, less experienced users are better off with Probely because it is easier to use, has a more intuitive user interface, and offers superior customer support.
Burp Suite Community Edition is quite a popular free web app scanner that is often cited as one of the best of its kind in the industry today. It’s a great solution for finding and fixing zero-day vulnerabilities. However, the free community-focused edition is a bit short on features and leaves a lot to be desired.