Tuesday, November 5, 2019

Professional 2.1.05

This release adds experimental support for using Burp's embedded Chromium browser to perform all navigation while scanning.

This new approach will provide a robust basis for future capabilities in Burp Scanner, enabling it to eventually deal with any client-side technologies and navigational structures that a modern browser is able to deal with. It has the potential to dramatically improve coverage of the scan, during both the crawling and auditing phases.

In this initial release, Burp Scanner now correctly deals with:
  • Applications that dynamically construct the navigational UI (links and forms) using JavaScript.
  • Applications that dynamically mutate the request when a link is clicked or a form is submitted, using JavaScript event handlers.

There are numerous caveats at this stage:
  • Performance is poor and will be improved considerably over the next few releases.
  • Navigational elements other than links and forms are not yet supported (such as DIV elements with an onclick handler that makes a request).
  • Asynchronous requests such as XHR are honored during navigation but are not audited.
  • Navigational actions that mutate the existing DOM without causing a request to the server are not properly handled.
  • Frames and iframes are not properly supported.
  • File uploads are not supported.

The new feature is currently experimental, and is being released to gather feedback from users who want to play with the new capability and assess its effectiveness. The new feature is not currently a suitable replacement for the existing default scanning mode: you are likely to gain some coverage of JavaScript-heavy applications, but also lose some coverage and experience poor performance. Rest assured that over the coming months the new feature will be considerably enhanced until it becomes a robust and superior replacement to the existing scanning mode.

To enable experimental support for browser-based scan navigation, create a new scan, add a crawl configuration, and under "Miscellaneous" select "Use embedded browser for navigation". You can also configure whether to allow the browser to fetch page resources that are out-of-scope.
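
One way to assess the experimental mode against the cases listed above is to scan a small test page and compare the target's request log with the endpoints each case should produce. The following is an added example, not PortSwigger code: the page, the paths (/static, /js-link, /js-form, /div-click) and the sample log are all constructed, and the regex extractor only stands in for a crawler that does not execute JavaScript.

```javascript
// Constructed test page; every path below is a hypothetical placeholder.
const TEST_PAGE = `<!doctype html>
<html><body>
<a href="/static">plain link</a>
<div id="nav"></div>
<form id="f" action="/placeholder" method="post"><input name="q"><button>go</button></form>
<div id="d">click me</div>
<script>
  // Case 1: a link that exists only after the script has run.
  var a = document.createElement('a');
  a.setAttribute('href', '/js-' + 'link');
  a.textContent = 'built link';
  document.getElementById('nav').appendChild(a);
  // Case 2: a submit handler that rewrites the request target.
  document.getElementById('f').addEventListener('submit', function () {
    this.setAttribute('action', '/js-' + 'form');
  });
  // Caveat case: a DIV whose click handler makes the request.
  document.getElementById('d').onclick = function () { location.href = '/div-' + 'click'; };
</script>
</body></html>`;

// What a crawler sees if it only reads href/action attributes in the raw HTML.
function staticTargets(html) {
  const out = new Set();
  const re = /\b(?:href|action)\s*=\s*"([^"]+)"/g;
  let m;
  while ((m = re.exec(html)) !== null) out.add(m[1]);
  return [...out];
}

// Endpoints the page can produce, and what a crawler needs in order to reach each.
const CASES = [
  { path: '/static',    needs: 'nothing beyond the raw HTML' },
  { path: '/js-link',   needs: 'script execution' },
  { path: '/js-form',   needs: 'script execution and a submit event' },
  { path: '/div-click', needs: 'non-link/form navigation (listed as a caveat)' },
];

// Mark each case as reached or not, given the paths seen in the target's access log.
function coverage(requestedPaths) {
  const seen = new Set(requestedPaths.map(p => p.split('?')[0]));
  return CASES.map(c => ({ ...c, reached: seen.has(c.path) }));
}

// Constructed access-log paths, standing in for the log of one scan of the page.
console.table(coverage(['/', '/static', '/js-link?x=1', '/js-form']));
```

Running the same check once with the default crawl configuration and once with "Use embedded browser for navigation" selected shows which cases each mode reaches on your own target.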

The release also includes various other bugfixes. The embedded JRE that is included in Burp's installer has been updated to Java 12.
