Thursday, April 15, 2010


This release addresses a number of stability issues, particularly on non-Sun JRE platforms like Apple and OpenJDK:

  1. Occasional UI freezes during updates to the site map (during spidering, content discovery etc.).

  2. Occasional UI freezes when toggling Proxy interception during display of large responses.

  3. Complete failure to run on OpenJDK.

The moral of this story has been: don't assume that thread synchronization works the same way on all JREs. It's difficult to promise that there won't be any more of these issues, but initial feedback from Mac users has been positive. If you do encounter any more stability issues, please do let me know.

There are some minor bugfixes affecting all users. And the changes to the thread synchronization model have made some of Burp's functionality run a fair bit faster than previously.

The Sun JRE remains the only offically supported platform for Burp, but this release should make life much easier for users of other platforms.

Sunday, April 11, 2010


This release fixes a few minor bugs arising from version v1.3.01.
It also adds a facility to customise the preset payload lists that are included with Burp Intruder, and which are accessible via the "add from list" drop-down for various payload types. You can specify your own directory to hold payload lists, and these will automatically appear in the drop-down within Burp.
To access this feature, choose "configure preset payload lists" from the Intruder menu:

You can use the "copy" button to copy all of Burp's built-in payload lists into your custom directory, to use alongside your own payloads lists. You can then use your preferred text editor to modify any of the lists as required.
This release also adds a number of new built-in payload lists, including new fuzz strings and lists of interesting CGI files. These were kindly donated by Adam Muntner.