Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Tuesday, April 15, 2014

v1.6

This is the final v1.6 release.

Burp Suite Free Edition contains significant new features added since v1.5, including:
  • Support for WebSockets messages.
  • Support for PKCS#11 client SSL certificates contained in smart cards and physical tokens.
  • A new Extender tool, allowing dynamic loading and unloading of multiple extensions.
  • A new powerful extensibility API, enabling extensions to customize Burp's behavior in much more powerful ways.
  • Support for extensions written in Python and Ruby.
  • A new BApp Store feature, allowing quick and easy installation of extensions written by other Burp users.
  • An option to resolve DNS queries over a configured SOCKS proxy, allowing access to TOR hidden services.
  • Generation of CSRF PoC attacks using a new cross-domain XHR technique.
  • New options for SSL configuration, to help work around common problems.
  • Optional unpacking of compressed request bodies in the Proxy.
  • Support for .NET DeflateStream compression.
  • New and improved types of Intruder payloads.
  • New Proxy interception rules.
  • New Proxy match/replace rules.
  • Improved layout options in the Repeater UI.
  • An SSL pass-through feature, to prevent Burp from breaking the SSL tunnel for specified domains.
  • Support for the Firefox Plug-n-hack extension.
  • An option to copy a selected request as a curl command.
Burp Suite Professional contains a number of bugfixes and tweaks, added since the last beta version, including:
  • An occasional bug causing misplaced highlights on payloads in Scanner issues has been fixed.
  • A bug in which restoring default settings for the Extender tool didn't unload any currently running extensions has been fixed.
  • A display bug affecting the rendering of binary content (such as images) in the raw view of the HTTP message editor has been fixed.
  • A bug which prevented the automatic backup on exit feature from functioning in headless mode has been fixed.
  • In previous versions, Burp stored its preferences in separate locations for each major version. This caused persisted settings to be lost on upgrading to a new major version. This behavior has been modified, and from v1.6 onwards major versions will store their preferences in the same location. As a workaround to preserve settings from earlier releases, Pro users can launch the earlier release, save a state file containing their preferences, then launch the new release and load the state file.
Work is already underway on some exciting new features that will be arriving post v1.6 ...

Free edition
MD5: 6f2c0ff4e3cab35bb49312ce88e1a690
SHA256: 21cfdd2d2f682997648f3877bca239bde358f8ce5a2a9304fd1de72fc68a3312

Pro edition
MD5: 8d56e783e79f615feefd3717322d61dd
SHA256: d81a765df2eb2fc33f91cdbf2669264204a9acf2ed7e43187ff7632015ffa89b

Thursday, April 3, 2014

v1.6beta2

This release fixes a number of bugs:
  • A bug in v1.6beta that caused some saved state files to be corrupted has been fixed. The majority of problematic state files that were generated with the previous version should be loadable in this release.
  • A bug in the HTTP message viewer which caused parts of a message not to be displayed in certain situations has been fixed.
  • A bug arising on certain platforms (e.g. some OS X retina machines), in which the HTTP message viewer displays the cursor in the wrong position, has been addressed. Since this was a platform-specific problem, and we weren't able to reproduce the bug on all reported configurations, we welcome feedback as to whether any further instances of this problem are remaining.
  • Problems affecting Proxy SSL negotiation on Java 8 have been addressed. Burp is not yet officially supported on this platform, pending further testing, but we welcome feedback about any further problems that arise on Java 8.
  • Some XSS edge cases relating to URL-encoding of specific payload characters, which were being missed by Burp, are now detected properly.
  • A bug in the Intruder custom iterator payload type, which caused it not to generate the expected payloads in certain conditions, has been fixed.
  • The opt-out checkbox for reporting of anonymous performance feedback, which previously appeared only on an options panel, has been added to the EULA acceptance dialog.
MD5: 2bae268d34ead1cf4cecc8a31840a427
SHA256: 8d3c71c4044f039e87f0838335e698d29d68e00dfe76c3a987eec93f138456d0