What is it?

Along with ZAP, Burp Suite is a interception proxy. This allows the troubleshooting and testing of HTTP/s traffic. Although both are favored by security professionals as it includes methods of automated security testing and generation reports.

Exluded from Community Edition:

• Burp Scanner, CSRF PoC Generator, Content discovery tool

• Reports and saving/exporting results

• Full use of Intruder (Community is heavily throttled)

Features

• Burp Scanner

  • Passive or Active

• CSRF PoC

• Intruder

  • Fuzzing or Dictionary attack

• Decoder

Resources

How to Burp Good: https://www.n00py.io/2017/10/how-to-burp-good/