SSL Pass ThroughYou can now specify destination web servers for which Burp will directly pass through SSL connections. Passing through SSL can be useful in cases where it is not straightforward to eliminate SSL errors on the client - for example, in mobile applications that perform SSL certificate pinning. If the application accesses multiple domains, or uses a mix of HTTP and HTTPS connections, then passing through SSL connections to specific problematic hosts still enables you to work on other traffic using Burp in the normal way.
If the option to automatically add entries on client SSL negotiation failure is enabled, then Burp will detect when the client fails an SSL negotiation (for example, due to not recognizing Burp's CA certificate), and will automatically add the relevant server to the SSL pass through list.
Startup Interception State
Highlighting Unhidden Fields
Fix Newlines In Edited Requests
New Interception Rules
New Match/Replace Rules
- You can define rules based on parameter names and values.
- You can configure a rule to operate only on the first line of requests, for making quick changes to the URL or request method.
- You can optionally use literal or regular expressions in match rules.
- You can add comments to rules to describe their purpose. This facilitates quick toggling of individual rules without needing to read them to understand what they are doing.
- Various new default rules have been added for performing common tasks.
- The documentation has been updated to describe how you can use regular expressions to match multi-line regions of message bodies, and how you can use regex groups in back-references and replacement strings.
Editing Target Server in Intercept View
Updated In-Browser Burp UI
- There are more readable and informative messages when a request causes a problem.
- Invalid client requests are reproduced in full in the error message, to assist debugging.
- The interface is now available both at http://burp (when you have configured your browser to use Burp as its proxy) and at the URL of your Burp listener (for example, http://127.0.0.1:8080, even if your browser is not configured to use Burp).
Support for Firefox Plug-n-hack Plugin
Quick Navigation of History In Repeater