Likelihood to Recommend Burp Suite is a good general tool to test websites as long as your website is not too large or you have the time for it to complete. We have some websites that only about five to ten minutes for Burp Suite to complete an attack and a spider only takes about two minutes. Other websites have taken a few hours to complete. I have seen a tester actually run Burp Suite against one of our websites and it took all day to complete.
Read full review I don't know of any other tool that works as well as Wireshark for packet capture an inspection. It's extremely easy to get up and running, and even with little to no knowledge of how to use the tool, you can be looking at all the traffic coming off a network interface.
Read full review Pros The passive scan feature is really awesome, it kind of covers areas that you might miss. The CSRF POC is really helpful to my team. It helps development team see the issue and understand it. Burp intruder and repeater are the features I myself and my team uses the most as it helps us use our payloads in a variety of different ways. Active scan helps the team to ensure coverage for the whole application. Read full review Light-weight software - Does not require high end specifications; also runs smoothly on Legacy systems Filter function - Lets you filter you packets from thousands to tens so as to find your target much easily Simultaneous capturing on all the network adapters - You can capture packets from all the Network Interface Cards (NIC's) at once. Read full review Cons More features to be available for the free/community version to allow more learning Manual updating of plugin without network connectivity More controls with the manual testing with scenario inputs Read full review A more user-friendly interface would be nice, but then again it is not really designed for those who are not quite comfortable with this type of software. Changes to functionality on updates - this can sometimes happen unexpectedly and can be an annoyance. More powerful data processing would be welcomed Read full review Usability Given this tool's wide area of testing functionality for mobile and web applications, it's a great tool to invest in for security testing. Though it lacks documentation to carry out particular vulnerability findings which are very challenging for a new user of this tool
Read full review I give Wireshark a 10 for usability because it is very usable. Just about anyone can capture packets within a few seconds of opening the program. The analysis is a science but as far as just using Wireshark; it's very easy.
Read full review Support Rating BurpSuite does not have an amazing customer support. All the major help that you will find is from public forums and Google. Although you will find all the required information on Google, still at time professional support helps you solve the problem in much less time and make your operations go smoothly.
Read full review I don't believe Wireshark has "true" support as the software is open source. However, there is an active & friendly community around Wireshark that are more than happy to help answer questions. From a comprehensive Wiki and FAQ section on the site to the Ask a Question forum and bug tracker section, there's plenty of support options to make sure your questions and issues are addressed.
Read full review Implementation Rating Simple and easy setup.
Read full review Alternatives Considered The only other tool I use that works like Burp Suite is the OWASP ZAP. It works a lot like Burp but just has a different layout. I prefer how Burp has the tabs for Repeater, Intruder, Decoder, ect.
Read full review Wireshark is a free tool that came highly recommended by one of our former network security consultants. Using the tool he was able to resolve all of our higher tier network tickets, so we observed first hand why we needed to add Wireshark into our toolset. We received in-depth instruction and training scenarios that demonstrated the effectiveness and power of the product, so we didn't spend any time reviewing competing products.
Read full review Return on Investment Positive impact, time to complete security development stage is decreased. Very positive impact on budgeting for external penetration testing. We can do the bulk of the common testing ourselves now. Read full review Identifying bugs in the network has never been smooth and near-perfect. Wireshark has made sure our equipment and software is working properly via analyzing network data. Analysis of IP packets and Sip call flaws has saved us a lot of time and confident result. Read full review ScreenShots