I often get asked this question and I can be very short about this, no. You don’t need burp pro. That being said, it does have some very big advantages that will make life a lot easier on you. So while you don’t need burp suite, you don’t need it in the sense that you also don’t need to eat fries every week but it sure does taste good. 🍟
What type of advantages you can gain from burp suite pro depends on the type of consumer you are. We will cover some situations but in the end, it’s up to you to decide since it is a lot of money for some people. I would see it as an investment.
While some of the advantages are specific to the usage scenarios, some advantages can also be good for everyone so we will list those here.
- The biggest advantage for me is that I can save my projects. As a full-time QA team lead, full-time dad, aspiring teacher, and bug bounty hunter I have to divide my time VERY efficiently as you can imagine. Testing a target properly in an hour is impossible and by far the biggest hurdle for me is getting set up. When I have to take 15 minutes to configure my burp suite every time I want to test my target that is going to stop me from even starting in the first place. Especially if I only have an hour to test my target I want to do it as efficiently as possible and not waste up to a quarter of my time every time I want to test.
- The intruder can be used at full speed. When you have the community edition, portswigger limits the number of requests you can make to 100 per attack and they severely rate limit the requests
- We also have access to wordlists built by portswigger, these are really good.
- Content discovery is an amazing tool that’s unlocked with burp suite professional edition. It’s one of the best content discovery tools I’ve found out there and has multiple options available which we look into in detail in a later chapter.
- Besides the content discovery tool, we have access to a host of other useful…