- You can now configure multiple attacks indepedently in separate tabs (as with Burp Repeater). You can copy attack configurations between tabs, or save configurations for later use.
- Payload positioning now uses the same feature-rich editor as other tools, and fully preserves binary/non-printing characters.
- There are several new payload sources, including a bit flipper, character frobber and username generator.
- The existing simple payload processing options (for encoding, etc.) are replaced with a rules-based processor which can perform arbitrarily many actions, such as match/replace, prefix/suffix, substring, case modification, encoding, decoding and hashing.
- All feasible attack configuration options can now be modified during a live attack, and have immediate effect, including the base request template, payloads, grep settings and thread count.
- Each attack optionally performs an unmodified baseline request, to enable easy comparison with the results of actual attack requests.
- The attack results table contains the same rich functionality as the Proxy history, with a configurable filter, annotation of items with comments and highlights, and a preview pane for quick viewing of requests and responses.
- Selected result items can be flagged to be re-requested (e.g. if network errors or timeouts have occurred).
- When an attack is configured to follow redirects, all intermediate responses and requests are recorded in the results viewer.
The new release should be available later this week.