🌐 Web application security
Burp Suite Community
The industry-standard intercept proxy — free for manual testing.
Why use it
Burp is the de-facto web pentest workbench. Community Edition omits the active scanner but keeps the intercept proxy, repeater, and decoder — everything you need for manual testing, learning, or labs.
What you get
- HTTP/S intercept proxy
- Repeater for replaying and modifying requests
- Intruder for fuzzing (rate-limited in Community)
- Decoder, comparer, sequencer
- Browser-bundled CA for easy proxy setup
System requirements
| Requirement | Value |
|---|---|
| CPU | 2 cores |
| RAM | 4 GB |
| Disk | 500 MB |
| OS | Linux, macOS, Windows |
| Docker | No |
Installation
Download the installer from portswigger.net/burp/communitydownload. On first run, either use the embedded Burp browser or install the Burp CA certificate manually in your normal browser so it trusts the proxy's HTTPS interception.
Suggested configuration
Use the embedded Chromium browser: it ships with the proxy and CA pre-configured. Save your project files even on the free tier (this saves request history). Learn the keyboard shortcuts (Ctrl+R = send to Repeater); they pay for themselves quickly.
Integration ideas
- Pair with ZAP: use ZAP for automation and Burp for manual testing
- Use the BApp Store for free extensions (Logger++, Param Miner)
Alternatives
- OWASP ZAP — Better automation, similar manual UX.
- Caido — Newer Rust-based proxy; freemium tier.
Cyentrix verdict
If you're learning web pentesting, install this first. The Community Edition is enough to work through the OWASP Top 10 by hand.