Monday, October 20, 2014

v1.6.06

This release includes some major enhancements to the Scanner engine. Burp can now automatically report the following new types of issues:
  • Perl code injection
  • PHP code injection
  • Ruby code injection
  • Server-side JavaScript code injection
  • File path manipulation
  • Serialized object in HTTP message
  • Client-side JSON injection (DOM-based)
  • Client-side XPath injection (DOM-based)
  • Document domain manipulation (DOM-based)
  • Link manipulation (DOM-based)
  • DOM data manipulation (DOM-based)
Additionally, the scanning logic for several existing checks has been enhanced to improve accuracy.

A number of bugs have also been fixed, including:
  • A bug that caused the option "skip server side injection tests for these parameters" to not work in some situations.
  • A bug that caused session handling rules to fail when using the sessions tracer, in some situations.
  • A bug affecting the auto-generation of CA-signed per-host SSL certificates, in some situations.
  • A bug that sometimes caused Burp to hang on startup when reloading certain extensions.
MD5: 694cf004dd433078f1eba9913a493c93
SHA256: 2e1f010a3ad4b8d51906e68b5a924404854a8a501d85f29185a31626b74d0fbb