Burp Suite

Repeater

A simple tool that can be used to manually test an application. It can be used to modify requests to the server, resend them, and observe the results.

Sequencer

A tool for analyzing the quality of randomness in a sample of data items. It can be used to test an application's session tokens or other important data items that are intended to be unpredictable, such as anti-CSRF tokens, password reset tokens, etc.

Comparer

A tool for performing a comparison (a visual "diff") between any two items of data

Decoder

A tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.

Extender

Allows the security tester to load Burp extensions, to extend Burp's functionality using the security testers own or third-party code (BAppStore)

Java

Language Burp Suite is written in

Intruder

This tool can perform automated attacks on web applications. Can test and detect SQL Injections, Cross Site Scripting, parameter manipulation and vulnerabilities susceptible to brute-force attacks

Spider

Tool for automatically crawling web applications. Can be used in conjunction with manual mapping techniques to speed up the process of mapping an application's content and functionality

Scanner

Operates as a web application security scanner, used for performing automated vulnerability scans of web applications

HTTP Proxy

Operates as a web proxy server, and sits as the man-in-the-middle between browser and destination web servers. This allows interception, inspection and modification of raw traffic passing in both directions