Burp Suite can do much of this as well, but the intent feels different. Charles is very much about observing and understanding raw HTTP(S) traffic with minimal friction, which makes it handy for quick debugging, mobile app inspection, or client-side issues. Burp leans heavily into security workflows: interception, replay, automation, and attack surface exploration. That power comes with more setup and a more opinionated UI. I’ve found Charles useful when I want visibility without switching into “pentest mode,” whereas Burp shines when security analysis is the goal.
You can also check out Caido as an alternative, we are a newer player in the space but catching up very fast. Most of the Burp new features of the last 2 years are basically copying what we innovated in Caido.
That’s fair. I mostly stick with Burp because I’m very familiar with its workflows and tooling, and that familiarity matters a lot in day-to-day work. That said, I genuinely appreciate having credible competitors to Burp. New tools entering the space tend to challenge long-standing assumptions, especially around UX and ergonomics, and that pressure usually benefits everyone. Even if I don’t switch immediately, competition is healthy and often the reason established tools keep improving.
Just to mention an alternative option, ZAP (aka. Zed Attack Proxy) covers much of the same ground as Burp and is entirely free and Open Source.
On paper ZAP has all of the features I care about, but I gave it my best try and found it really unintuitive to use.
Exactly, usually for my UC, Burp is enough. Even the Community Edition works great.