
Wednesday, February 1, 2017

1.7.17

This release adds various new features and addresses some issues.

There is a new Scanner check for suspicious input transformation. This issue arises when an application receives user input, transforms it in some way, and then performs further processing on the result. Burp reports reflected and stored input that has been transformed in the following ways:
  • Overlong UTF-8 sequences are decoded.
  • Invalid UTF-8 sequences containing illegal continuation bytes are decoded.
  • Superfluous (or "double") URL-encoded sequences are decoded.
  • HTML-encoded sequences are decoded.
  • Backslash escape sequences are unescaped.
  • Unexpected transformations resulting from submitting any of the above payloads.
Performing these input transformations does not constitute a vulnerability in its own right, but might lead to problems in conjunction with other application behaviors. An attacker might be able to bypass input filters by suitably encoding their payloads, if the input is decoded after the input filters have been applied. Or an attacker might be able to interfere with other data that is concatenated onto their input, by finishing their input with the start of a multi-character encoding or escape sequence, the transformation of which will consume the start of the following data.
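The filter-bypass case described above, as an added Python example that is not part of the original release notes or of Burp itself: it compares filtering before decoding with filtering the fully decoded (canonical) form. The filter rule, function names and sample values are assumptions constructed for illustration.

```python
import html
from urllib.parse import unquote, unquote_to_bytes

BLOCKED = ("<", ">")  # constructed filter rule for this demo

def filter_ok(value: str) -> bool:
    """Hypothetical input filter: reject markup delimiters."""
    return not any(ch in value for ch in BLOCKED)

def later_transform(value: str) -> str:
    """Stand-in for downstream code that URL-decodes, then HTML-decodes."""
    return html.unescape(unquote(value))

def check_then_decode(value: str):
    """Weak order: the filter only ever sees the still-encoded form."""
    return later_transform(value) if filter_ok(value) else None

def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Decode to a fixed point so later decoding cannot change the value."""
    for _ in range(max_rounds):
        try:
            # Strict decoding rejects overlong and invalid UTF-8 sequences.
            decoded = unquote_to_bytes(value).decode("utf-8", errors="strict")
        except UnicodeDecodeError as exc:
            raise ValueError("invalid or overlong UTF-8") from exc
        decoded = html.unescape(decoded)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")

def decode_then_check(value: str):
    """Hardened order: filter the canonical form, reject what cannot be decoded."""
    try:
        canonical = canonicalize(value)
    except ValueError:
        return None
    return canonical if filter_ok(canonical) else None

# Constructed samples: what the application sees after the server's own URL decode.
SAMPLES = ["a%20b", "%3Cb%3E", "&lt;b&gt;", "%C0%BC"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), repr(check_then_decode(s)), repr(decode_then_check(s)))
```

Decoding to a fixed point is a design choice that suits fields where residual encoding is never legitimate; fields that must carry literal `%` or `&` sequences need a field-specific rule instead.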



Various enhancements have been made to Burp Infiltrator, in response to feedback from real-world usage:
  • A bug affecting the patcher when running on Java 6 or earlier has been fixed.
  • A bug that caused the manifest files of some nested JAR files to be lost has been fixed.
  • A bug that left invalid signatures in place after the relevant bytecode was modified has been fixed.

Burp Scanner's issues are now mapped to CWE vulnerabilities.

There is a new command-line option to prevent Burp from pausing the Spider and Scanner when reopening existing projects. To prevent Burp from pausing them, add the following argument to the command that launches Burp:

--unpause-spider-and-scanner

Various other enhancements and bugfixes have been made.
