Saturday, July 13, 2024

Burp Suite 2022.5.1 Released – What’s New !!

Recently, PortSwigger has released a brand-new version of Burp Suite for Professional and Community users. The newly released version, Burp Suite 2022.5.1 contains numerous improvements and bug fixes.

Burp Suite is well-known by its informal name, “Pentester’s Swiss Army Knife,” it’s a complete set of tools for web application pentesters. This security tool is developed and maintained by PortSwigger, and it’s written in Java that allows security testing of web applications.

The Burp Suite is the ultimate toolset designed for web application pentesters. It is their most reliable companion and provides them with a complete set of tools. 

It contains various internal tools of the following:-

  • Proxy
  • Target
  • Scanner
  • Spider
  • Intruder
  • Repeater
  • Collaborator client
  • Clickbandit
  • Sequencer
  • Decoder
  • Extender
  • Comparer

PortSwigger created and maintains this pentesting tool for web applications, written in Java, that can be used to test web applications from the browser.

With this new release of Burp Suite, the developers have added one new feature that is particularly efficient and valuable:-

  • JWT scan checks

Feedback on BApp performance impact

With the BApp Store, you can now see in-app feedback about how far some BApps place a load on your system because you can see how many resources they use.

In order to estimate the system impact, the following categories are used:-

  • Memory: Essentially, it indicates how much of an impact the BApp is likely to have on the usage of memory by Burp Suite.
  • CPU: You can see an estimate on it of how much additional work your computer has to do as a consequence of the BApp.
  • Time: The figure highlights the impact of the Burp Suite BApp on the time it takes to load.
  • Scanner: It presents the likely impact on the amount of time required for a scan.
  • Overall: Among all of these categories, this one has the highest impact rating.

New Features & Improvements

Here below we have mentioned all the newly added features and improvements in Burp Suite 2022.5.1:-

  • The list of insertion points for scanning has been expanded to include a handful of Google Analytics cookies that are commonly used.
  • During this revision, developers have tweaked the mechanism by which they identified locations to audit after the crawl is complete in order to improve the performance of the Burp Scanner.
  • With the new feature of defining separate timeouts for the crawl and audit phases, you will be able to override the global project settings that are included in your scan configuration.
  • Improved Repeater tab behavior
  • Set headers in session handling options
  • Skip unauthenticated crawling during scans
  • Verify upstream TLS
  • Browser upgrade (Chromium 102.0.5005.61)
  • Changes to Java requirements

Bug Fixes

Here below we have mentioned all the bug fixes:-

  • There were some performance issues that users experienced when using Intruder with large resource pools has been fixed now.
  • This update fixes a problem that caused the Copy Attack Configuration menu item in the Intruder to sometimes not respond.
  • There was a problem with scan configurations that has been fixed.
  • The live passive crawl task did not automatically process responses pushed by repeaters as a result of a bug that had been fixed in this release.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles