login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Tuesday, 15 April 2014

Burp Suite Free Edition v1.6 released

Burp Suite Free Edition v1.6 is now available to download.

This is a significant upgrade with a wealth of new features added since v1.5, including:
  • Support for WebSockets messages.
  • Support for PKCS#11 client SSL certificates contained in smart cards and physical tokens.
  • A new Extender tool, allowing dynamic loading and unloading of multiple extensions.
  • A new powerful extensibility API, enabling extensions to customize Burp's behavior in much more powerful ways.
  • Support for extensions written in Python and Ruby.
  • A new BApp Store feature, allowing quick and easy installation of extensions written by other Burp users.
  • An option to resolve DNS queries over a configured SOCKS proxy, allowing access to TOR hidden services.
  • Generation of CSRF PoC attacks using a new cross-domain XHR technique.
  • New options for SSL configuration, to help work around common problems.
  • Optional unpacking of compressed request bodies in the Proxy.
  • Support for .NET DeflateStream compression.
  • New and improved types of Intruder payloads.
  • New Proxy interception rules.
  • New Proxy match/replace rules.
  • Improved layout options in the Repeater UI.
  • An SSL pass-through feature, to prevent Burp from breaking the SSL tunnel for specified domains.
  • Support for the Firefox Plug-n-hack extension.
  • An option to copy a selected request as a curl command.
And the best thing about Burp upgrades? No one pays for them ...

The Free Edition is and always will be free, despite its huge capabilities.

Burp Suite Professional still costs only $299, and all licensed users can upgrade without any extra charge. We haven't changed the price for two-and-a-half years, despite two major updates and nearly forty minor updates. Even better? We've already said that we won't be hiking the price during 2014.

Have fun!

1 comment:

Anonymous said...

Good job. Would be great if you could add kerberos support for authentication over http :/


User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Copyright 2014 PortSwigger Ltd. All rights reserved.