PortSwigger has released Burp Suite 2023.9.1, the latest version of the tool, which includes many additional features and bug fixes that can be helpful for security professionals and web application penetration testers.
Burp Suite is one of the most widely used penetration testing tools among security professionals and organizations worldwide. It is available in a Free or Community Edition, a Professional Edition, and an Enterprise Edition, which differ in their implementation and usage.
New Improvements
Among the additions, new Repeater functionality enables a single-packet attack that reduces the latency between the sender and the receiver, allowing users to send multiple requests in parallel.
Synchronization of these requests makes it easier to test for race conditions. In addition, Repeater tabs can be grouped together to send parallel requests from all the tabs in the group. These tabs can hold requests in multiple HTTP versions, which are synchronized using Repeater's last-byte synchronization.
Further improvements include GraphQL introspection, inclusion of a project-level crawl path tab, and reuse of HTTP/1 connections in the Intruder tab to speed up attacks against the target.
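Why synchronized delivery matters when testing for race conditions, as an added example that is not from the original article or from PortSwigger: a constructed in-process model of a single-use coupon handler, with a check-then-act version beside a locked one, called by threads that are all released together. The class and function names and the 50 ms delay are assumptions made for illustration.

```python
import threading
import time


class CouponStore:
    """Constructed model of a single-use coupon handler (hypothetical names)."""

    def __init__(self, atomic):
        self.atomic = atomic      # True = hardened, False = check-then-act
        self.redeemed = False
        self._lock = threading.Lock()

    def _check_then_act(self):
        if self.redeemed:         # check
            return False
        time.sleep(0.05)          # stands in for database latency: the race window
        self.redeemed = True      # act
        return True

    def redeem(self):
        if not self.atomic:
            return self._check_then_act()
        with self._lock:          # check and act become one critical section
            return self._check_then_act()


def parallel_redeem(store, n=10):
    """Release n redemption attempts at the same instant; return how many succeed."""
    barrier = threading.Barrier(n)
    results = []

    def worker():
        barrier.wait()            # every thread leaves the barrier together
        results.append(store.redeem())

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


if __name__ == "__main__":
    print("check-then-act:", parallel_redeem(CouponStore(atomic=False)))
    print("locked:        ", parallel_redeem(CouponStore(atomic=True)))
```

With the attempts arriving together, the unlocked handler accepts the coupon more than once, while the locked handler accepts it exactly once; the same fix on a real application is usually a database-level constraint or an atomic update rather than an in-process lock.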
Other Improvements
The new version of Burp Suite also includes automatic throttling settings tied to resource pooling, which let users configure Burp Scanner with a list of HTTP response codes that delay the requests made by the scanner.
As a security improvement, Burp Suite has introduced the “Trust this Project” option, which removes any harmful settings from the Burp project file. This is extremely useful when these configuration files are downloaded from the internet.
An isolated scan feature has been introduced, which lets users view any isolated scan and its results. This option is also useful for conducting testing without affecting the live scan results.
Further improvements include Montoya API changes, intermediate CA certificate specification for hardware tokens and smart cards, and custom SNI values in Repeater.
Setting a custom SNI value allows simulating external user interaction attacks detected by Scanner and Collaborator payloads.
Furthermore, PortSwigger has introduced several bug fixes and other new features, which can allow security professionals to conduct much more sophisticated attacks and mitigations.