Burp Suite 2023.10.3.4 was just published by PortSwigger and is aimed at ethical hackers and security experts with updated features.
Burp Suite is a cybersecurity tool used for web application security testing. It is an intercepting proxy, allowing users to examine and manipulate the traffic between a web browser and the target application.
It has a Free or Community Edition, a Professional Edition, and an Enterprise Edition. All of them differ based on their implementation and usage.
Burp Suite helps identify and address security vulnerabilities, such as:-
- SQL injection
- Cross-site scripting (XSS)
Not only that even it also helps in identifying other common web application flaws, making it an essential tool for ethical hackers and security professionals.
Internal Tools
Pentester’s Swiss Army Knife Burp Suite offers several tools that come pre-inbuilt with the complete package, and here below, we have mentioned them:-
- Proxy
- Target
- Scanner
- Spider
- Intruder
- Repeater
- Collaborator client
- Clickbandit
- Sequencer
- Decoder
- Extender
Also Read: BurpGPT – ChatGPT Powered Automated Vulnerability Detection Tool
What’s New?
This update brings Bambdas to the HTTP history filter in Burp Suite, allowing UI customization through Java code snippets. Also, export BChecks, extend notes, enable TLS passthrough for out-of-scope items, and add subdomains to your target scope.
StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.
Here below we have mentioned all the new additions:-
- Advanced HTTP history filtering using Bambdas: Customize Burp Suite with Bambdas with the help of small Java code snippets that are now available in Proxy > HTTP history. Filter your HTTP history for precise results, eliminating noise. Try Bambdas in Proxy > HTTP history tab for a tailored experience.
- Exporting BChecks: Easily share BChecks across Burp instances by exporting selected ones. See their GitHub repository for BChecks from PortSwigger and the Burp Suite community.
- Increased support for notes throughout Burp: PortSwigger expands notes in Burp, allowing you to record key info on tabs for easy access later. Notes copy between tabs and tools for seamless use. Use the sidebar’s Notes panel to add and access notes efficiently.
- TLS passthrough for out-of-scope items: Optimize performance by applying TLS passthrough for out-of-scope items in the target scope settings. It’s enabled automatically when choosing to Stop logging out-of-scope items.
- Include subdomains in target scope: Expand target scope by including subdomains of selected hosts. Check ‘Include subdomains’ in Target > Scope settings to activate.
- Improved Task details dialog:
- Replaced the Details tab with Summary for easier navigation.
- Includes critical vulnerabilities, task progress, and a real-time task log.
- The new Issues tab lists all scan findings.
- Renamed the issue activity to the audit log.
- Easily view further details in the event log with a single click.
- BChecks grammar enhancements:
- A removing query_string action that removes an entire query string from a request.
- A new variable that returns Burp’s User-Agent header.
- A new pre-defined variable called insertion_point_base_value contains the base value of the current insertion point.
- A new per-path BCheck template that you can base your checks on.
- BChecks can now return more than one issue.
- Developers have also updated the grammar version to v2-beta.
Other Improvements
After a scan, the Burp Scanner checks the Collaborator server every minute for 10 minutes, then reverts to 10-minute intervals.
Besides this, the instant out-of-band interactions are now reported faster. Burp’s built-in browser upgraded to version:-
- 119.0.6045.123 on Mac/Linux
- 119.0.6045.123/.124 on Windows
Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.
Read the full article here