login

Burp Suite, the leading toolkit for web application security testing

Burp Suite release notes

Monday, October 20, 2014

v1.6.06

This release includes some major enhancements to the Scanner engine. Burp can now automatically report the following new types of issues:
  • Perl code injection
  • PHP code injection
  • Ruby code injection
  • Server-side JavaScript code injection
  • File path manipulation
  • Serialized object in HTTP message
  • Client-side JSON injection (DOM-based)
  • Client-side XPath injection (DOM-based)
  • Document domain manipulation (DOM-based)
  • Link manipulation (DOM-based)
  • DOM data manipulation (DOM-based)
Additionally, the scanning logic for several existing checks has been enhanced to improve accuracy.

A number of bugs have also been fixed, including:
  • A bug that caused the option "skip server side injection tests for these parameters" to not work in some situations.
  • A bug that caused session handling rules to fail when using the sessions tracer, in some situations.
  • A bug affecting the auto-generation of CA-signed per-host SSL certificates, in some situations.
  • A bug that sometimes caused Burp to hang on startup when reloading certain extensions.
MD5: 694cf004dd433078f1eba9913a493c93
SHA256: 2e1f010a3ad4b8d51906e68b5a924404854a8a501d85f29185a31626b74d0fbb

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Copyright 2016 PortSwigger Ltd. All rights reserved.