Founder's Edition — Hunter Pro at $249 your first year · first 500 seats
Agent-native web security workstation

Same price as Burp.
Everything it can't do.

Crusader is an intercept proxy, Attack Studio, mobile interception sandbox, and MCP server in one local app. Same per-seat line item as the incumbent. Built for the way you actually hunt — with mobile, with bot-defense bypass, with an agent, with your team.

  • Native Frida. Android cert-pinning killed in one click.
  • Browser-grade TLS. Real Chrome/JA3 fingerprint — your replays look like a browser, not a proxy.
  • Identity Shadow Replay. Any request, replayed as another principal — diffed.
$499/yr · Hunter Pro · Founder's $249
8 sec · Trial: just an email, no card
01 / Proxy HTTP/2 + WS + h1
HTTP/2 upstream by default. WebSocket frames decoded. Hot-swap to h1. One CA, all transports.
02 / Mobile Frida + ADB + APK lab
Native cert-pin killing. mTLS extraction. APK sandbox. Mobile hunting without four other tools.
03 / Attack Studio + Scanner
Clusters anomalies, doesn't dump rows. The outlier rises. Intruder + active Scanner, no paywall.
04 / Identity Shadow Replay
Replay as another principal + an unauth control. CSRF auto-refresh. Auth-boundary bugs surface themselves.
05 / Plugins JS · 4 surfaces
One .js: hook + form + right-click + CLI. Hot-reload. Share as a gist.
06 / Agent MCP + CLI + SQL
MCP server. 40+ CLI verbs incl. sql, hunt, llm. Your agent does real work.
Six surfaces · one project · figure 1
No card, no sales call · 14-day full trial
Local-first · zero telemetry
Drag your .burp · project import
Free tier · forever · your data stays
First 500 · founder's seats · $249
See it work

Not a deck.
The actual workstation.

Real screens from Crusader running a live session — intercept proxy, Repeater with response diffing, a full Site Map, and analysis a stock proxy doesn't ship.

[Screenshot: Crusader HTTP History — captured requests with request and response side by side]
The proxy you live in. Capture, scope, filter, and inspect — request and response side by side, with findings, render, and raw views a click away.
[Screenshot: Crusader Repeater with a live response diff against a baseline capture]
Repeater with a live diff. Every resend is compared to a baseline — additions and removals highlighted inline — over a raw socket with a real Chrome TLS fingerprint.
[Screenshot: Crusader Site Map showing endpoint coverage and one-click send-to actions]
Map the whole target. Endpoint coverage at a glance, then right-click anything → Repeater, Intruder, Scanner, or Comparer.
[Screenshot: Crusader request tree, baseline diff, and binary response analysis]
Analyze, don't just view. Request tree, baseline diffs, and a binary preview with sha256, entropy, and magic-byte detection.
/ 01 What a hunt looks like

Capture → Replay →
Attack → Promote.

A whole bug-bounty session, in four moves. The same captured exchange flows from the proxy into the Repeater, into Attack Studio, into a finding — without leaving the project, without re-pasting, without three windows on top of each other.

i.

Capture.
From any actor.

Browse through the proxy. Pipe a curl through crusader send. Hit a mobile app with Frida-killed pinning. Let your agent do it through MCP. Every capture lands in one shared history.

ii.

Replay.
Diffed automatically.

Right-click → Send to Repeater. Tweak. Send. The new response is diffed against the last — line-level inserts, deletes, token changes colored. Token placeholders mean you don't paste a bearer into a hundred requests.

iii.

Attack.
Clustered, not dumped.

One click into Attack Studio. Sweep IDs, fuzz params, brute paths. Anomalies cluster by response signature — you scan five rows instead of fifty. The outlier is the lead. Or hit crusader hunt and the agent does the whole pass.

iv.

Promote.
To finding or plugin.

The interesting capture becomes a tracked finding, a JavaScript plugin (so it runs on every future request), a CLI command (so CI catches the regression), or an MCP tool call. Same captured truth. Different actor.

/ 02 Bring your project

Yesterday's traffic.
Today's attacks.

Drop a .burp file on Crusader's startup screen and it becomes a live workspace. Proxy history, site map, scope, scanner issues, notes all read in and re-indexed against Crusader's SQLite. Then every Crusader feature works against that captured history — diffs, Attack Studio, Frida replays, Identity Shadow Replay, plugins, agents. The switching cost is one drag-and-drop.

drop .burp on startup → parse + re-index → live workspace → every feature works

What you brought · the project file
// imported as-is, nothing thrown away
› 47,000 proxy history entries
› site map: 132 hosts, 8,400 endpoints
› in-scope rules
› scanner issues: 23 audited findings
› notes & evidence packets
› comments and color highlights
// your .burp stays intact on disk.

What you get back · same rows · every Crusader actor
// same data. new surface area.
+ SQL-queryable history
+ auto-flagged IDOR/AUTH/NEW map
+ scope enforced across GUI/CLI/agent
+ scanner issues open in Repeater
+ Attack Studio against the captures
+ Identity Shadow Replay across them
+ Frida-relay any session into mobile
+ MCP agent against the captures
// the year of work didn't move.
// the actors that can use it did.

Same path imports Caido projects (beta), raw HAR, and Fiddler SAZ. If you've got a year of bounty work in a project file, you don't lose it to switch — you upgrade it.

/ 03 The trial

Eight seconds.
No email. No card.

Most security tool trials want your work email, a business justification, and a 30-minute sales call. Download, unzip, and you're hunting. 14 days of full Hunter Pro — every feature unlocked, every workflow available. Just an email to start — no card, no sales call.

↳ what 14 days of Hunter Pro looks like

Set up the workshop you've always wanted.

Import your existing Burp project. Wire your phone to the proxy with one click. Run an agent loop against your scope. Share the workspace with a teammate. Two weeks to see what your daily hunt looks like with everything turned on.

Day 1: import + Frida · Day 3: invite a teammate · Day 7: review your hunt · Day 14: keep going free or upgrade

During the trial · everything in Hunter Pro
// every feature, every workflow
✓ Proxy · HTTP/2 + WebSocket + h1
✓ Repeater (with diff) + Comparer + Decoder
✓ Attack Studio + Scanner + Intruder
✓ Beacon · OAST — DNS/HTTP/SMTP callbacks
✓ Mobile + Frida (Android)
✓ Chrome JA3 transport
✓ Identity Shadow Replay
✓ One-Button Hunt
✓ MCP server + full CLI (40+ verbs)
✓ Plugins · all four surfaces unlocked
✓ Project import (Burp, Caido, HAR)
// 14 days. just an email. no card.
// no install of a license file.
// no calls to schedule.

After day 14 · your call · your data stays
// option A — upgrade
→ Founder's $249/year (first year)
→ or Hunter Pro $499/year regular
→ or Squad $699/seat/yr (3-seat min, team workspace)
// option B — keep using Free
✓ proxy, history, Repeater (with diff)
✓ Decoder, Comparer, plugins, CLI basics
✓ project import (Burp, Caido, HAR)
✓ every capture you recorded stays
✓ every plugin you wrote keeps running
// either way, your project file is yours.
// no time-bomb. no watermark. no wipe.

The trial is the easiest way to see whether Crusader fits your hunt. If it does, the upgrade is one click; if it doesn't, you still have a free daily-driver proxy with your work in it.

/ 04 Four things no other proxy ships

The moat is architectural.

Most proxy features are surface-level — a button you didn't have, a panel you wanted. These four are foundational. Each one used to mean another tool, another script, or a workflow you didn't have time for.

i

Mobile, with Frida built in

Cert-pin killing on Android, in one click. APK sideload + sandbox. mTLS extraction. Native AVD control. The mobile workflow that used to take four tools.

ii

Replays that look like a browser

Cloudflare and Akamai fingerprint your TLS hello. Proxy replays often get 403'd on that fingerprint; your browser doesn't. Crusader ships a browser-impersonation transport (tls-client + curl-impersonate) — your HTTPS sends go out with a real Chrome/Firefox/Safari fingerprint, matched to the request's User-Agent. TLS-fingerprint blocking stops flagging your replays.

iii

Identity Shadow Replay

Capture a request as Alice. Crusader replays it as another principal you've tagged — plus an unauthenticated control — with auto-refreshed CSRF, then diffs the response shapes and files the finding. Authorize-style auth-boundary testing, native.

iv

One database. Every actor.

Your history is a SQLite database with WAL mode and JSON1. The GUI, the CLI, the plugin host, the MCP server, and the mobile sandbox all read from it. Mass queries land in milliseconds. One project file, every actor.

/ 05 Switch without losing anything

Everything Burp Pro does.
Then the part it can't.

The real fear in switching proxies isn't learning a new UI — it's the one feature you rely on quietly going missing. So here's the whole checklist: every Burp Pro capability, matched line for line, before we get to the four things Burp doesn't ship at all.

Capability | Burp Suite Pro | Crusader
HTTP/1.1 · HTTP/2 · WebSocket proxy | | HTTP/2 upstream by default, WS frames decoded, one CA for every transport
Repeater | | automatic line-level response diff + token placeholders
Intruder / parameter fuzzing | Pro · throttled free | Attack Studio — HMAC + JWT re-signing, SecLists bundled, grep-extract, anomaly clustering
Active + passive scanner | Pro only | included — BOLA/BFLA/IDOR, GraphQL, OAuth, SQLi, cmd-injection, with proof-based triage
OAST / out-of-band (Collaborator) | Pro · hosted | built-in Beacon — DNS + HTTP + SMTP callbacks, email alerts, one-click promote-to-finding · self-host on your own server, single Pro seat
Intercept — hold / edit / drop | | + smart-skip filters, WebSocket interception, TLS pass-through
Match & replace rules | | request, response, and WebSocket rules
Session handling / auth | macros | Identities + platform auth (Basic/NTLM/Bearer per host) + CSRF auto-refresh
Extensions | Java · BApp | JavaScript, hot-reload, 4 surfaces, no review queue
Reporting / evidence export | Pro | triage reports + evidence packets
Decoder · Comparer | | + AI-assisted LLM Diff

↓ four things Burp doesn't ship at any price

Mobile interception | manual setup | native Frida (Android), ADB, APK sandbox, mTLS — pin-killed in one click
Browser-grade TLS (anti-bot) | | browser-impersonation transport — real Chrome/JA3 TLS, auto-matched; replays stop getting auto-403'd on TLS fingerprint
Identity Shadow Replay | | one capture, replayed as another principal + unauth control — auto-filed auth-boundary finding
Agent-native — MCP · CLI · SQL | | MCP server, 40+ CLI verbs, SQL over your whole history
Project import | it's the source | drag a .burp, Caido, or HAR file → live workspace
Per-seat license | $499 / seat / yr | $499/yr — identical · $249 founder year-one · free tier forever

Eleven capabilities at parity, four Burp can't match, and a free tier that out-features Burp Community. You're not giving anything up to switch — you're adding mobile, an agent, and your whole team for the same line item.

/ 06 Compose & await

Write it once.
Call it from anywhere.

Every JavaScript plugin you write is automatically a side-panel form, a right-click action, a CLI verb, and an MCP tool. Every CLI verb emits structured JSON on stdout. Every MCP call returns the same JSON, awaited. Pipe through shell. Chain through an agent. Same primitives.

write .js plugin → registered as CLI verb → exposed as MCP tool → chain & await anywhere

This is why agents actually work against Crusader. Most "AI proxy integrations" pipe text into a chat window and hope. Crusader's surfaces return deterministic JSON, declare their input schemas, and run synchronously enough for an agent to await the result and decide what to do next. The chain you'd write in bash is the chain the agent runs unattended.

/ 07 Team Mode · early access

Three hackers.
One workspace.

Bug-bounty crews shouldn't email project files around. Squad publishes a redacted project snapshot — findings, Repeater & Intruder tabs, identities — to a shared team endpoint, so the whole crew works from one workspace. Live presence, soft locks, and claimable tabs are rolling out during early access.

/ 08 Pricing

Free for the work.
Paid for the team.

Hunter Pro is $499/year — exactly what Burp Pro costs. Your AppSec budget doesn't change to switch. The free tier ships a daily-driver proxy. Squad replaces passing project files around. Founder's Edition is the cheapest seat this product will ever sell.

Free

Local proxy. HTTP/2 + WebSocket. History. Repeater (with diff). Decoder. Comparer. Unlimited JS plugins. CLI basics. Project import. Forever.

$0
forever · no account · no telemetry

Squad early access

A full Hunter Pro seat for everyone + a shared team workspace. Publish findings, Repeater/Intruder tabs, and identities to one project. Live presence, soft locks & tab-claiming are rolling out in early access.

$69/seat/mo
or $699/seat/yr · 3-seat minimum · pick seats at checkout
Get Squad or pay yearly · $699/seat · save $129/seat

Team Pro

Squad for a whole org. SSO / SAML / SCIM, role-based access, assignment boards, a full audit trail, private extension packs, and a pooled Beacon quota across the team.

$6,999/yr
7 seats · SSO/SCIM · audit & RBAC

Self-Hosted Team

Team Pro on your own infrastructure. The shared workspace and Beacon run inside your network — nothing leaves your perimeter. Built for regulated and air-gapped teams.

$150/seat/mo
3-seat min · your infrastructure

Enterprise

Everything, plus data residency, a private extension registry, hosted AI credits, and SSO at scale — with procurement, MSA, security review, and priority support.

from $25,000/yr
custom terms · procurement & MSA
↳ founder's edition · first 500 seats

Hunter Pro at $249 for your first year.

Launch pricing for early adopters: $249 for the first 12 months — half off Hunter Pro. Renews at $499 in year two. Annual only. Limited to the first 500 founding seats.

$249 year one · every Pro feature · $499 renewal · 500 founding seats
/ 09 Before you switch

The questions
everyone asks first.

Do I lose my Burp work if I switch?

No. Drag a .burp file onto Crusader's startup screen and it becomes a live workspace — history, site map, scope, scanner issues, notes and highlights all import and re-index. Caido (beta), HAR, and Fiddler SAZ work the same way. Your original file stays untouched on disk.

What do I actually get for free, forever?

A real daily driver: the HTTP/2 + WebSocket proxy, history, Repeater with diff, Decoder, Comparer, unlimited JavaScript plugins, CLI basics, and project import. No account, no telemetry, no time-bomb — and it out-features Burp Community.

Mac, Windows, and Linux?

All three, natively. Crusader is built on the cross-platform Avalonia stack, so Windows, macOS, and Linux get the same features and the same single CA for every transport. Download, unzip, run.

Is my data private?

Local-first. Everything lives in a SQLite database on your machine — no account, no telemetry. Nothing leaves your box unless you turn on Team Mode (your own remote workspace) or press “Review diff,” which sends only redacted evidence to the LLM provider you configured.

Does it have a Collaborator / OAST server?

Yes — Beacon is built in. DNS, HTTP, and SMTP callbacks with geo/ASN, email alerts, and one-click promote-to-finding for blind SSRF, XXE, and out-of-band injection. No separate hosted add-on to configure — and you can run Beacon on your own server: self-hosted OAST is included on a single Hunter Pro seat, not gated behind a team or enterprise plan. (Burp's private Collaborator server is Enterprise-only.)

What happens when the 14 days end?

You drop to the free tier and keep everything you captured — history, identities, comments, and every plugin you wrote keep running. The trial never took a card, so there's nothing to cancel. Upgrade is one click whenever you're ready.

One project.
Every actor.

Downloads open at launch
almost there

We're putting the final polish on the build — Windows, macOS, and Linux land together.
The 14-day Hunter Pro trial (just an email, no card) and the free-forever tier open the day downloads go live.
Founder's Edition: $249 first year — first 500 seats.