Burp Suite, the leading toolkit for web application security testing

Burp Suite release notes

Wednesday, December 21, 2016


This release includes the most frequently requested feature of all time: custom wordlists in the Content Discovery feature.

It also massively improves the accuracy of detection of valid vs. not-found responses in the Content Discovery engine. We believe that this is now approaching 100% accuracy in terms of both false positives and false negatives. If anyone encounters a site where the Content Discovery function is not completely accurate, please let us know the details and we will investigate.

A number of other enhancements and fixes have been made:
  • Further to the security issues that were fixed in 1.7.14, some additional hardening has been performed of in-browser actions and the CSRF PoC generator, to prevent some conceivable attacks involving excessive amounts of socially engineered user actions on a malicious site. 
  • A bug that caused the Burp Comparer progress bar to intermittently hang has been fixed.
  • The SMTP service of the Burp Collaborator server has been modified to reject emails without a valid interaction ID. This effectively prevents the Collaborator wrongly appearing to be an open mail relay, which caused failure reports by naive security scans.
  • A bug that was introduced in 1.7.14, which prevented Repeater requests from being issued when a tab other than the "Raw" tab was selected, has been fixed.

MD5: 28fd91f8d490539f43f7656be183a2f8
SHA256: 5c6c92ba03f9949bdee5ad06de1857cf95b6a185472099714c35fe803493d5f8

MD5: 4dda1b4b6f5b2f6e26800d2de27cee81
SHA256: 4981643c399dd99f9466137e847802358ace1008fb0e6e427b9608453b97d494

MD5: 00805dcdc13a8980feeda8385d090ab6
SHA256: f1ed25e925b68bbc6c83a350a768e663e51d2cbd60e1a7ef5fa9a70a305928f4

MD5: 6c0ead0f72fe6b1d5253c704112fed7b
SHA256: 9a58431985e160676dee27f86d5d0122a946b576d69b8c9501ec095635179b8f

MD5: 5d4eda1c4081fb6569210fb33ddfe1e0
SHA256: 82d7224ddd9e645686141eb47380df90f6717221fde65f865e2696c47944b559

MD5: bffe16e37aece609df12f4db5ce4521a
SHA256: 06a412dc4c42ea25e6aa374f6b37485d64ebde297e40a2c30a8ade889c242e1d

MD5: 0f6025fe4a822d784796fe376554438b
SHA256: 8d8ad2bcf579dec1a78f8972e0ea79c48d5a107b87bf870627f529b5f2e1c4fe

MD5: 2c237465d7a56e06f36191566f0c9e7c
SHA256: 0fc1c1cfe9804277a4674e16ceb5ac564d24330eae085c660f6c8b9646315e91

MD5: 70fe127e99827df4c15453a89dc6afab
SHA256: 500f265c1726b7d87cba6ccdf24b4e173606c07c8c7a2fae83a96808375c8c86

MD5: ddb4e11c25f65403083cf4911f9c78cf
SHA256: d5816fa34f22c4d90e4903e756c52c925e09701a00941892848d24288678a57b

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Copyright 2016 PortSwigger Ltd. All rights reserved.