Maybe it's just that I haven't used it enough, but whenever I have some pentestish need and reach for Burp I get disappointed. The UI is confusing and everything is just so cumbersome, seemingly without reason. I get vibes of old school blender (with the right-click to select behaviour).
I would pay good money for something in the style of Proxyman, with Burp Collaborator features and a sensible extension system.
Caido[1], an interception proxy written in Rust, is positioning itself as a "lightweight" alternative to Burp. It can't compete yet with Burp in terms of functionality, although the product is certainly looking promising.
Perhaps the only contender to Burp with respect to functionality/features is ZAP[2].
EDIT: You can run your own Collaborator-type setup with ProjectDiscovery's interactsh[3].
Further EDIT: A downvote might be because of the mention of Rust / closed source - this is explicitly mentioned because a large pain point for Burp is that it is a Java memory hog. If Caido were written in C++ with Qt, this fact would be notable for the exact same reason.
By "extensibility" does this mean the ability to write your own extensions? Being able to develop and contribute plugins back to the community (similar to Burp's BApp store) could really accelerate the competitiveness of Caido up against Burp.
I'm using httptoolkit and am very happy with it. It's not as featureful as Burp, but the out-of-the-box experience is very nice for an average Joe like me who just occasionally needs to leverage a tool like this.
In pentest engagements, you're having to repeat the same tests over and over, so that if you don't automate it by the fifth repeat, you'll lose your sanity. So the new automation tool now frees up time so you can audit new novel areas in these engagements. But it happens again. You're slowly getting bored again until you inevitably write a tool to automate it. It's a vicious cycle.
This is not a new plugin; it (and similar extensions) has been available for Burp and a staple for testers for a few years now.
Automating authorisation checks has less to do with novelty seeking and more to do with the practicalities of ensuring adequate coverage within the assigned engagement time frame.