The best free alternative to Burp Suite is mitmproxy, which is also Open Source. If that doesn't suit you, our users have ranked more than 25 alternatives to Burp Suite and 19 is free so hopefully you can find a suitable replacement. Other interesting free alternatives to Burp Suite are Zed Attack Proxy (ZAP), Fiddler, SiteOne Crawler and HTTP Toolkit.
mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly. It also features mitmdump, a commandline tool that provides a tcpdump-like interface for saving, viewing and...
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
Web Debugging Proxy that logs all HTTP(S) traffic for comprehensive analysis. It allows manipulation of traffic, supports scripting, and extends with .NET. Debugs virtually any application, implementing man-in-the-middle interception with self-signed certificates. Freeware, ideal for developers.
A free in-depth website analyzer providing audits of security, performance, SEO, accessibility and other technical aspects. Available as a desktop application for Windows/macOS/Linux and as a CLI tool for advanced users and CI/CD processes. It also includes an offline web page exporter.
HTTP Toolkit is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools and automatic interception for clients from Docker to Android to iOS.
Caido is a cutting-edge web application security tool that enables users to efficiently identify and assess potential vulnerabilities in their web applications. It can be easily integrated into both personal and enterprise environments, making it adaptable to a wide range of...
Find security vulnerabilities right from your browser. Experience the next generation security tools without the need to install any additional software.
Guardius is a Software as a Service (SaaS) company designed to streamline and automate various IT needs for companies that operate their own websites or manage their own infrastructure. It is crucial for companies to safeguard their websites and infrastructure against potential...
Golem Security Scanner is a powerful and intuitive website security scanner which uses a combination of proprietary and open source scanners to maximize the scan findings. Much less expensive for the paid version than other providers, with a free option which scans a portion of...
Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc.
Probely is a top-tier cloud-based DAST Scanner designed for DevOps, empowering Security and Development teams to work together to secure their web applications and APIs.
United States
Czechia
EU
Spain
United Kingdom
Portugal