Recently, PortSwigger has released a brand-new version of Burp Suite for Professional and Community users. The newly released version, Burp Suite 2022.5.1 contains numerous improvements and bug fixes.
Burp Suite is well-known by its informal name, “Pentester’s Swiss Army Knife,” it’s a complete set of tools for web application pentesters. This security tool is developed and maintained by PortSwigger, and it’s written in Java that allows security testing of web applications.
The Burp Suite is the ultimate toolset designed for web application pentesters. It is their most reliable companion and provides them with a complete set of tools.
It contains various internal tools of the following:-
- Collaborator client
PortSwigger created and maintains this pentesting tool for web applications, written in Java, that can be used to test web applications from the browser.
With this new release of Burp Suite, the developers have added one new feature that is particularly efficient and valuable:-
- JWT scan checks
Feedback on BApp performance impact
With the BApp Store, you can now see in-app feedback about how far some BApps place a load on your system because you can see how many resources they use.
In order to estimate the system impact, the following categories are used:-
- Memory: Essentially, it indicates how much of an impact the BApp is likely to have on the usage of memory by Burp Suite.
- CPU: You can see an estimate on it of how much additional work your computer has to do as a consequence of the BApp.
- Time: The figure highlights the impact of the Burp Suite BApp on the time it takes to load.
- Scanner: It presents the likely impact on the amount of time required for a scan.
- Overall: Among all of these categories, this one has the highest impact rating.
New Features & Improvements
Here below we have mentioned all the newly added features and improvements in Burp Suite 2022.5.1:-
- The list of insertion points for scanning has been expanded to include a handful of Google Analytics cookies that are commonly used.
- During this revision, developers have tweaked the mechanism by which they identified locations to audit after the crawl is complete in order to improve the performance of the Burp Scanner.
- With the new feature of defining separate timeouts for the crawl and audit phases, you will be able to override the global project settings that are included in your scan configuration.
- Improved Repeater tab behavior
- Set headers in session handling options
- Skip unauthenticated crawling during scans
- Verify upstream TLS
- Browser upgrade (Chromium 102.0.5005.61)
- Changes to Java requirements
Here below we have mentioned all the bug fixes:-
- There were some performance issues that users experienced when using Intruder with large resource pools has been fixed now.
- This update fixes a problem that caused the Copy Attack Configuration menu item in the Intruder to sometimes not respond.
- There was a problem with scan configurations that has been fixed.
- The live passive crawl task did not automatically process responses pushed by repeaters as a result of a bug that had been fixed in this release.