Burp Suite Community
The free edition of the industry-standard web pentest proxy — manual intercept, repeater and intruder (throttled) for hands-on testing
⚡ TL;DR
🎯 The Problem It Solves
When you need to actually understand a web app\'s logic — tamper a request mid-flight, repeat it with variations, decode a token — you want an intercepting proxy you control. Burp Community is the free on-ramp to that workflow: the same manual tooling the pros use, minus the automated scanner.
🔧 How It Works
Burp sits between your browser and the target as an intercepting proxy. You capture requests, send them to Repeater to tweak-and-resend, to Intruder for throttled brute-force/fuzzing, or to Decoder/Comparer for analysis. The Community edition excludes the automated web vulnerability scanner and throttles Intruder — those are Pro features — so it\'s a manual toolkit, not an automatic one.
🚀 Installation & Quick Start
Installation
Download from portswigger.net/burp/communitydownload\n# Linux/macOS/Windows available\n# Requires Java RuntimeQuick Start
- Download Community Edition from portswigger.net/burp/communitydownload
- Launch, open the built-in browser or point your browser at 127.0.0.1:8080
- Turn Intercept on, browse the target, capture and modify a request
- Send to Repeater (Ctrl+R) and tweak parameters to test logic
- Use Intruder (throttled in CE) for simple enumeration
✅ Pros
- •The manual workflow every web pentester knows
- •Free, rock-solid, and the on-ramp to the Burp ecosystem
- •Built-in browser removes proxy-config friction
- •Endless extension marketplace (some free) for specialist jobs
❌ Cons
- •No automated vulnerability scanner (that's Pro)
- •Intruder is throttled in Community — slow for big wordlists
- •Not open source — the GitHub link here points to PortSwigger's OSS helper libs, not the CE binary
- •Mastery takes practice; the UI is dense for newcomers
💬 Practitioner Verdict
"Burp Community is where most web pentesters start and many stay for manual work. It won\'t scan for you, but for understanding an app\'s logic by hand it\'s still the standard. Budget for Pro only when you need the automation."
📊 Specifications
- Language
- Java
- License
- Proprietary (free tier)
- Platform
- Linux, macOS, Windows
- Kill Chain
- Vulnerability Analysis
- MITRE ATT&CK
- T1190
💰 Pricing Reality
Community Edition is free (proprietary, with a free tier). Burp Suite Pro is a paid subscription that adds the scanner, unthrottled Intruder, and collaboration. Note: Burp itself is NOT open source — the link on this page points to PortSwigger\'s open-source tooling (e.g. the Montoya API), not the CE download.