Thursday, March 28, 2024

Burp Suite 2022.5.1 Released – What’s New !!

Recently, PortSwigger has released a brand-new version of Burp Suite for Professional and Community users. The newly released version, Burp Suite 2022.5.1 contains numerous improvements and bug fixes.

Burp Suite is well-known by its informal name, “Pentester’s Swiss Army Knife,” it’s a complete set of tools for web application pentesters. This security tool is developed and maintained by PortSwigger, and it’s written in Java that allows security testing of web applications.

The Burp Suite is the ultimate toolset designed for web application pentesters. It is their most reliable companion and provides them with a complete set of tools. 

It contains various internal tools of the following:-

  • Proxy
  • Target
  • Scanner
  • Spider
  • Intruder
  • Repeater
  • Collaborator client
  • Clickbandit
  • Sequencer
  • Decoder
  • Extender
  • Comparer

PortSwigger created and maintains this pentesting tool for web applications, written in Java, that can be used to test web applications from the browser.

With this new release of Burp Suite, the developers have added one new feature that is particularly efficient and valuable:-

  • JWT scan checks

Feedback on BApp performance impact

With the BApp Store, you can now see in-app feedback about how far some BApps place a load on your system because you can see how many resources they use.

In order to estimate the system impact, the following categories are used:-

  • Memory: Essentially, it indicates how much of an impact the BApp is likely to have on the usage of memory by Burp Suite.
  • CPU: You can see an estimate on it of how much additional work your computer has to do as a consequence of the BApp.
  • Time: The figure highlights the impact of the Burp Suite BApp on the time it takes to load.
  • Scanner: It presents the likely impact on the amount of time required for a scan.
  • Overall: Among all of these categories, this one has the highest impact rating.

New Features & Improvements

Here below we have mentioned all the newly added features and improvements in Burp Suite 2022.5.1:-

  • The list of insertion points for scanning has been expanded to include a handful of Google Analytics cookies that are commonly used.
  • During this revision, developers have tweaked the mechanism by which they identified locations to audit after the crawl is complete in order to improve the performance of the Burp Scanner.
  • With the new feature of defining separate timeouts for the crawl and audit phases, you will be able to override the global project settings that are included in your scan configuration.
  • Improved Repeater tab behavior
  • Set headers in session handling options
  • Skip unauthenticated crawling during scans
  • Verify upstream TLS
  • Browser upgrade (Chromium 102.0.5005.61)
  • Changes to Java requirements

Bug Fixes

Here below we have mentioned all the bug fixes:-

  • There were some performance issues that users experienced when using Intruder with large resource pools has been fixed now.
  • This update fixes a problem that caused the Copy Attack Configuration menu item in the Intruder to sometimes not respond.
  • There was a problem with scan configurations that has been fixed.
  • The live passive crawl task did not automatically process responses pushed by repeaters as a result of a bug that had been fixed in this release.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles