Burp Suite: Do I need the professional edition?

Introduction

I often get asked this question and I can be very short about it: no. You don't need Burp Pro. That being said, it does have some very big advantages that will make life a lot easier for you. So while you don't need Burp Suite, you don't need it in the sense that you also don't need to eat fries every week, but they sure do taste good. 🍟

What type of advantages you can gain from Burp Suite Pro depends on the type of consumer you are. We will go over some situations, but in the end it's up to you to decide, since it is a lot of money for some people. I would see it as an investment.

General advantages

While some of the advantages are specific to the usage scenarios, some advantages can also be good for everyone, so we will list those here.

Small businesses

For a small business, there is one major advantage that I think bug bounty hunters won't profit very much from. You can perform automated scans on your target, which can easily remove any low-hanging fruit before you send those new features off into production. Please note that this version does not include any CI/CD integration.

The reason automated scans are not interesting for bug bounty hunters, in my opinion, is that bug bounties are insane and not like regular hacking at all. We are last to hack our target after pentesters and a range of other hackers after us. Besides that, most programs don't allow it and some WAFs might even IP ban you.

Medium/Large businesses

If you have your development process down to an art and have your CI/CD pipelines set up, you might want to include a Burp scan in your pipeline. This is possible, but you need the enterprise version, which costs a lot more but also has some other features. Besides, getting hacked costs a lot more.

https://portswigger.net/burp/enterprise/features