Burp Suite

scanner Burp Suite

PortSwigger web application security testing platform

About this crawler

Burp Suite is a web crawler identified by the regular-expression pattern Burp Suite in the User-Agent request header. It is categorised as scanner. Use the regex above to detect, log, allow, or block Burp Suite traffic in your web server, CDN edge rules, or robots.txt.

Block-rate · top 25k sites

No block-rate data for this crawler.

Technical details

Name: Burp Suite
Pattern: Burp Suite
Tags: scanner
Reference: https://portswigger.net/burp
Added: 2026/05/02
rDNS suffixes: .burpcollaborator.net, .oastify.com, .portswigger.net
Instances: 0 known sample(s)

rDNS verification (FCrDNS)

Verify a request is genuinely Burp Suite with forward-confirmed reverse DNS: the client IP's PTR record must end in one of the suffixes below and a forward A/AAAA lookup of that hostname must return the same IP. UA strings alone are spoofable; FCrDNS is not.

.burpcollaborator.net
.oastify.com
.portswigger.net

Sample User-Agent strings

no public sample user-agents recorded.

Block this crawler

robots.txt — disallow Burp Suite:

User-agent: Burp Suite Disallow: /

Apache .htaccess — return 403:

RewriteEngine On RewriteCond %{HTTP_USER_AGENT} Burp Suite [NC] RewriteRule .* - [F,L]

Nginx — return 403 inside a server block:

if ($http_user_agent ~* "Burp Suite") { return 403; }

← back to all crawlers