This is a significant upgrade with a wealth of new features added since v1.5, including:
- Support for WebSockets messages.
- Support for PKCS#11 client SSL certificates contained in smart cards and physical tokens.
- A new Extender tool, allowing dynamic loading and unloading of multiple extensions.
- A new powerful extensibility API, enabling extensions to customize Burp's behavior in much more powerful ways.
- Support for extensions written in Python and Ruby.
- A new BApp Store feature, allowing quick and easy installation of extensions written by other Burp users.
- An option to resolve DNS queries over a configured SOCKS proxy, allowing access to TOR hidden services.
- Generation of CSRF PoC attacks using a new cross-domain XHR technique.
- New options for SSL configuration, to help work around common problems.
- Optional unpacking of compressed request bodies in the Proxy.
- Support for .NET DeflateStream compression.
- New and improved types of Intruder payloads.
- New Proxy interception rules.
- New Proxy match/replace rules.
- Improved layout options in the Repeater UI.
- An SSL pass-through feature, to prevent Burp from breaking the SSL tunnel for specified domains.
- Support for the Firefox Plug-n-hack extension.
- An option to copy a selected request as a curl command.
And the best thing about Burp upgrades? No one pays for them ...
The Free Edition is and always will be free, despite its huge capabilities.
Burp Suite Professional still costs only $299, and all licensed users can upgrade without any extra charge. We haven't changed the price for two-and-a-half years, despite two major updates and nearly forty minor updates. Even better? We've already said that we won't be hiking the price during 2014.