Saturday, December 2, 2023

Burp Suite 2022.5.1 Released – What’s New !!

Recently, PortSwigger has released a brand-new version of Burp Suite for Professional and Community users. The newly released version, Burp Suite 2022.5.1 contains numerous improvements and bug fixes.

Burp Suite is well-known by its informal name, “Pentester’s Swiss Army Knife,” it’s a complete set of tools for web application pentesters. This security tool is developed and maintained by PortSwigger, and it’s written in Java that allows security testing of web applications.

The Burp Suite is the ultimate toolset designed for web application pentesters. It is their most reliable companion and provides them with a complete set of tools. 

It contains various internal tools of the following:-

  • Proxy
  • Target
  • Scanner
  • Spider
  • Intruder
  • Repeater
  • Collaborator client
  • Clickbandit
  • Sequencer
  • Decoder
  • Extender
  • Comparer

PortSwigger created and maintains this pentesting tool for web applications, written in Java, that can be used to test web applications from the browser.

With this new release of Burp Suite, the developers have added one new feature that is particularly efficient and valuable:-

  • JWT scan checks

Feedback on BApp performance impact

With the BApp Store, you can now see in-app feedback about how far some BApps place a load on your system because you can see how many resources they use.

In order to estimate the system impact, the following categories are used:-

  • Memory: Essentially, it indicates how much of an impact the BApp is likely to have on the usage of memory by Burp Suite.
  • CPU: You can see an estimate on it of how much additional work your computer has to do as a consequence of the BApp.
  • Time: The figure highlights the impact of the Burp Suite BApp on the time it takes to load.
  • Scanner: It presents the likely impact on the amount of time required for a scan.
  • Overall: Among all of these categories, this one has the highest impact rating.

New Features & Improvements

Here below we have mentioned all the newly added features and improvements in Burp Suite 2022.5.1:-

  • The list of insertion points for scanning has been expanded to include a handful of Google Analytics cookies that are commonly used.
  • During this revision, developers have tweaked the mechanism by which they identified locations to audit after the crawl is complete in order to improve the performance of the Burp Scanner.
  • With the new feature of defining separate timeouts for the crawl and audit phases, you will be able to override the global project settings that are included in your scan configuration.
  • Improved Repeater tab behavior
  • Set headers in session handling options
  • Skip unauthenticated crawling during scans
  • Verify upstream TLS
  • Browser upgrade (Chromium 102.0.5005.61)
  • Changes to Java requirements

Bug Fixes

Here below we have mentioned all the bug fixes:-

  • There were some performance issues that users experienced when using Intruder with large resource pools has been fixed now.
  • This update fixes a problem that caused the Copy Attack Configuration menu item in the Intruder to sometimes not respond.
  • There was a problem with scan configurations that has been fixed.
  • The live passive crawl task did not automatically process responses pushed by repeaters as a result of a bug that had been fixed in this release.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles