Professional / Community 2023.12.1

14 December 2023 at 13:37 UTC

This release introduces Bambdas into Proxy > WebSockets history filter and Logger > View filter, as well as the ability to duplicate Repeater tabs multiple times. We have also enhanced the layout of Burp's Dashboard, added a Connection ID column to Logger, and improved the usability of data tables across Burp.

Advanced filtering in more tools with Bambdas

We're introducing Bambdas into more areas of Burp Suite. These Java-based code snippets enable you to customize Burp directly from the UI.

This release introduces Bambdas into two new areas of Burp:

  • Proxy > WebSockets history filter.
  • Logger > View filter.

We've also created a Bambdas GitHub repository, where you can browse submissions from community members or contribute your own Bambdas.

Keep an eye out for more Bambdas appearing across Burp in future releases!

Improved Dashboard

We've completely redesigned the Dashboard to make better use of on-screen space. You're now able to see detailed information about your scans and other tasks, without having to open additional popup windows.

To make room for all this information, we've moved the event log and the list of issues to a collapsible panel, which you access from the dock at the bottom of the screen.

Improved usability of tables in Burp

We've started rolling out major usability improvements to data tables in Burp. For most tables in Burp, in addition to sorting and filtering, you can now:

  • Change the order of columns.
  • Hide columns.

Burp remembers the changes you make to the layouts of your tables, and will apply your preferences when you create a new project, or open an existing project, on your machine.

Ability to duplicate Repeater tabs multiple times

We've added functionality that enables you to create multiple copies of a grouped Repeater tab in one go. This can be helpful if you're testing for race condition vulnerabilities, as it makes the process of creating identical requests much more efficient.

Connection ID column added to Logger

We’ve added a Connection ID column to Logger, which enables you to see which requests used the same connection. This makes it easier to detect if a website’s behavior changes, based on previous requests sent down the same connection.

Other improvements

We've also made the following improvements:

  • We've added a Format BChecks action to the right-click menu, which can automatically adjust whitespace and indentation when writing BChecks.
  • Scanner now manages memory usage much more efficiently during the audit phase of browser-powered scans.
  • Scanner is now able to submit requests that match the Content-Type of non-standard JSON endpoints, for example, application/json-patch+json or application/*+json.
  • Scanner can now send arrays as query string parameters when scanning an OpenAPI schema. This enables it to find more endpoints.
  • Scanner is now better able to identify and disregard duplicate items in different areas of your application during scans. This helps to reduce the time it takes for scans to complete.

Bug fixes

We've fixed a bug that prevented Notes from saving when clicking Save item or Save entire history in Repeater.

Browser upgrade

We've upgraded Burp's built-in browser to 120.0.6099.62 for Linux and Mac, and 120.0.6099.62/.63 for Windows. For more information, see the Chromium release notes.