
Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Monday, 26 November 2007

The new burp beta

The beta version of the new release of Burp Suite is now available.

This is a major release, containing several new tools and features. Highlights include:

  • Improved analysis and rendering of HTTP requests and responses wherever they appear.

  • Burp Sequencer, a new tool for analysing session token randomness.

  • Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data.

  • Burp Comparer, a new utility for performing a visual diff of any two data items.

  • Support for custom client certificates (in all tools) and custom server certificates in Burp Proxy.

  • Ability to follow 3xx redirects in Burp Intruder and Repeater attacks.

  • Improved interception and match-and-replace rules in Burp Proxy.

  • A fix for the Intruder payload positions bug affecting some Linux users.

  • A "lean mode", for users who prefer less functionality and a smaller resource footprint.

I'm aiming to complete the final release fairly shortly, so if you have any problems or bugs, please let me know as soon as possible, either via email or in the comments. The new release requires Java version 1.5 or later, so make sure you have the latest JRE installed.

Update: some people using JRE version 1.5 have been having problems, with NoSuchMethodError getting thrown in java.nio.charset.Charset. I thought this class was supported from 1.4 onwards, but it seems it isn't implemented in all JREs. Switching to JRE 1.6 ought to fix the problem (not an option for Mac users, I know, although this may help you). I'll see if I can get around having to use that class for the final release.

Update2: I fixed the problem preventing the beta running on Java 1.5. Try v2 below if this was causing you problems.

Download beta v2.

beta v1. [doesn't run on Java v1.5]

Tuesday, 6 November 2007

Hacker's Handbook - online materials

A few people have emailed me asking where the online material promised in The Web Application Hacker's Handbook is. Apologies for the slight delay on that front. I have now posted almost everything to the location below, including answers to questions, source code, and the checklist of methodology tasks. The only thing not yet ready is the hacker's challenge, of which more in due course. The book's page on the Wiley web site will be updated shortly to point here:

http://portswigger.net/wahh/




Copyright 2014 PortSwigger Ltd. All rights reserved.