Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Tuesday, September 17, 2013

v1.5.17

This release includes a number of enhancements and bugfixes:
  • There is a new "copy as curl command" function on context menus. This function constructs a curl command that generates the selected request, and copies the command to the clipboard.
  • The Extender tool has a new option to specify a folder from which Burp will load library JAR files for use by Java extensions.
  • The IBurpExtenderCallbacks interface has several new methods:
    • Methods to list and remove extension-provided resources such as event listeners, resource factories, etc.
    • Methods to print a line of output to the extension's stdout or stderr streams.
  • The numbers payload generator in Intruder has been enhanced to cope with numbers of arbitrary size and precision, and is no longer subject to the constraints of Java's native integer or floating point arithmetic. It is possible configure and launch attacks that will result in arbitrarily many payloads. If the number of payloads exceeds 2^31 then Burp will report the number as "unknown" but the attack will still proceed in the expected way (even though actually completing the attack is not feasible).
  • There is a new hotkeyable action to forward the request currently showing in the Proxy intercept view and force interception of the response. This action is not assigned a hotkey by default.
  • The save and restore state functions can now include the configuration options for the Extender tool.
  • The extensibility API to retrieve the contents of the site map now auto-generates GET requests for items in the site map that have not yet been requested.
  • A bug in the session handling action to update the value of a named parameter, where multiple parameters with the same name were not updated, has been fixed.
  • A bug in Intruder that caused some valid custom iterator configurations to fail has been fixed.
  • A bug in the invocation of extension-provided custom Scanner checks, where an exception thrown by an extension could cause Burp's scanning thread to die, has been fixed.
  • A bug in the CSRF PoC generator where pure GET requests are not properly handled has been fixed. (Of course, a pure GET request is itself deliverable cross-domain using only its own URL, but Burp now gives the option of delivering the request via a form submission if required.)
MD5: 2b9a66b72e0162229103d4d57548384c
SHA256: 4a99433e77eb004f2b6a36d94256020ea379e4a65c38d3b866a3e17c46bc6d7b