login

Burp Suite, the leading toolkit for web application security testing

Burp Suite release notes

Monday, July 28, 2014

v1.6.03

This release includes a new engine for static analysis of JavaScript code. This enables Burp Scanner to report a range of new vulnerabilities, including:
  • DOM-based XSS
  • JavaScript injection
  • Client-side SQL injection
  • WebSocket hijacking
  • Local file path manipulation
  • DOM-based open redirection
  • Cookie manipulation
  • Ajax request header manipulation
  • DOM-based denial of service
  • Web message manipulation
  • HTML5 storage manipulation
For more details, see the blog post.

MD5: bacd658a929c4a69580ea646d03b7d03
SHA256: 8f4ed620356d2ecedd3a8be6754137e0788dc3e1b6e2df628a28f1a8a75a21a7

Tuesday, July 22, 2014

v1.6.02

This release contains various bugfixes and minor enhancements:
  • A bug that caused certain HTML content to be wrongly inferred as JavaScript, with a knock-on effect on the Scanner's XSS checking logic, has been fixed.
  • A bug introduced in v1.6.01 affecting the passing through of command line arguments to extensions has been fixed.
  • A bug that sometimes caused session handling rules using macros to be incorrectly restored from state files, has been fixed
  • A bug that occasionally caused corruption in the rendering of live streaming responses has been fixed.
  • A bug where the "time of day" value in Intruder attack results was incorrectly reported when request throttling was enabled, has been fixed.
  • Logging options have been enabled for the Sequencer tool.
  • Links in the BApp details tab are now clickable and open in an external browser.
  • Renamable tab captions now prevent accidental renaming to an empty string, which previously resulted in a pixel-perfect double-click being required to rename the tab to anything else.
  • Efforts have been made to fix an occasional bug that causes the UI to freeze when changing the confidence or severity of Scanner issues. Feedback is welcomed on whether this bug has indeed gone away.
MD5: e9a5a822c3075f827b9c953d9c52336c
SHA256: ae0c91a1768f4b5c9b1585bad05dbb18e160978f42976ac720a666d2d5fcc982

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Copyright 2016 PortSwigger Ltd. All rights reserved.