Monday, November 26, 2007

The new burp beta

The beta version of the new release of Burp Suite is now available.
This is a major release, containing several new tools and features. Highlights include:
  • Improved analysis and rendering of HTTP requests and responses wherever they appear.
  • Burp Sequencer, a new tool for analysing session token randomness.
  • Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data.
  • Burp Comparer, a new utility for performing a visual diff of any two data items.
  • Support for custom client certificates (in all tools) and custom server certificates in Burp Proxy.
  • Ability to follow 3xx redirects in Burp Intruder and Repeater attacks.
  • Improved interception and match-and-replace rules in Burp Proxy.
  • A fix for the Intruder payload positions bug affecting some Linux users.
  • A "lean mode", for users who prefer less functionality and a smaller resource footprint.
I'm aiming to complete the final release fairly shortly, so if you have any problems or bugs, please let me know as soon as possible, either via email or in the comments. The new release requires Java version 1.5 or later, so make sure you have the latest JRE installed.