Burp Suite Alternatives

    Burp Suite is described as 'integrated platform for performing security testing of web applications'. There are more than 10 alternatives to Burp Suite for a variety of platforms, including Windows, Linux, Mac, Online / Web-based and iPhone. The best alternative is Fiddler, which is free. Other great apps like Burp Suite are mitmproxy (Free, Open Source), OWASP Zed Attack Proxy (ZAP) (Free, Open Source), Charles (Paid) and w3af (Free, Open Source).

    This page was last updated Dec 11, 2020

    1. Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data.
      • FreeOpen Source
      • Mac
      • Windows
      • Linux
      mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly.
      show more
      Almost everyone thinks mitmproxy is a great alternative to Burp Suite.


    2. The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
      show more
      Most users think OWASP Zed Attack Proxy (ZAP) is a great alternative to Burp Suite.
      • Mac
      • Windows
      • Linux
      • iPhone
      • iPad
      Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
      • FreeOpen Source
      • Windows
      • Linux
      w3af is a Web Application Attack and Audit Framework


      • Windows
      • Online
      • Wordpress
      Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner. Download Free Edition!
      show more
    3. Probely finds vulnerabilities or security issues in web applications and provides guidance on how to fix them. Probe.ly was built having developers in mind.
      show more
    4. Netsparker is the only False-positive-free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could leave you dangerously exposed.
      show more
    5. Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
      No screenshots yet
    Showing 10 of 19 alternatives