Thursday, July 16, 2015
1.6.22
This release adds a new scan check for external service interaction and out-of-band resource load via injected XML doctype tags. Burp now sends payloads like:
<!DOCTYPE foo PUBLIC "-//B/A/EN" "http://chx3bggs599lgla2n3wqnj2e35.burpcollaborator.net">
and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.
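On the receiving side, an application can refuse such documents before any resolving parser sees them. The following is an added example, not part of Burp or of the original release notes: it reads the DOCTYPE with Python's expat binding, which reports the declaration without fetching it, and rejects any external identifier. The function names and the `collaborator.example` host are assumptions made for illustration.

```python
import xml.parsers.expat


class ExternalDoctypeError(ValueError):
    """The document's DOCTYPE names an external resource."""


class _StopParsing(Exception):
    """Internal: abort once the root element starts."""


def inspect_doctype(xml_bytes):
    """Return (name, public_id, system_id) for the DOCTYPE, or None if absent.

    pyexpat leaves parameter-entity parsing off by default, so the external
    subset is reported but never fetched. Malformed XML raises ExpatError.
    """
    found = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        found.append((name, public_id, system_id))

    def on_start_element(name, attrs):
        # A DOCTYPE can only precede the root element; nothing more to learn.
        raise _StopParsing()

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start_element
    try:
        parser.Parse(xml_bytes, True)
    except _StopParsing:
        pass
    return found[0] if found else None


def reject_external_doctype(xml_bytes):
    """Raise ExternalDoctypeError if the DOCTYPE has an external identifier."""
    decl = inspect_doctype(xml_bytes)
    if decl is not None and (decl[1] is not None or decl[2] is not None):
        raise ExternalDoctypeError(
            f"DOCTYPE {decl[0]!r}: public={decl[1]!r} system={decl[2]!r}")
    return decl


# Constructed samples: same shape as the payload above, placeholder host.
SAMPLE_INJECTED = (b'<!DOCTYPE foo PUBLIC "-//B/A/EN" '
                   b'"http://collaborator.example/"><foo/>')
SAMPLE_INTERNAL = b'<!DOCTYPE foo [<!ELEMENT foo ANY>]><foo/>'
```

Call `reject_external_doctype` on the raw request body before handing it to the application's XML parser; where no DTD is needed at all, rejecting every non-`None` result of `inspect_doctype` is the stricter policy.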
MD5: 65810fedf540ee6fa2d868fa14e6c68f
SHA256: fba2aec68822ec0a90da46e4aa1a67e0f75c3f103d1ecfedb247d2c25b14116d