Tuesday, August 19, 2014


This release fixes a UI bug affecting a small number of users who are running Burp on Java 1.6.

MD5: f96be0b9bd18e2efd700ebf0fc74a81c
SHA256: 2dea974356f6459e284ec0ef1552e51eef1cd89ef0a558c46489f04feee5b3c8

Wednesday, August 13, 2014


This release fixes a number of minor bugs in the JavaScript code analysis engine. These bugs resulted in false negatives or performance problems in the detection of certain DOM-based vulnerabilities.

Additionally, the following other changes have been made:
  • A bug affecting the restoration of saved Intruder attacks has been fixed.
  • A bug that prevented the button to help install Jython or JRuby from showing for some relevant BApps, has been fixed.
  • A bug that occasionally causes the Scanner UI to hang when modifying issue severity or confidence has been addressed (again). Further feedback on this problem is welcomed.
  • Some new match/replace rules have been added to the default Proxy options, allowing removal of HSTS response headers, and disabling of browser XSS protection.
MD5: 431d9b391c54d581948abb45dfd98eae
SHA256: b0a5a845fc46812a74ea0c9b692df71315607f622d7263270a63e3f75332a568