Burp Suite 2023.10.3.4 Released – What’s New!

PortSwigger has released Burp Suite 2023.10.3.4, the newest version of Burp Suite.

Burp Suite is a cybersecurity tool used for evaluating the security of web applications. It acts as an intercepting proxy, letting users see and alter the traffic between a web browser and the target application.

Burp Suite helps identify and address security vulnerabilities, such as:-

It also helps identify other common web application flaws, making it an essential tool for ethical hackers and security professionals.


What’s New?

The latest version of Burp Suite introduces Bambdas, which let you customize the HTTP history filter using Java code snippets. Additionally, subdomains can be included in the target scope, TLS passthrough can be enabled for out-of-scope items, and BChecks can be exported.
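As an added illustration of the Bambda filter described above (written for this article, not taken from PortSwigger's release notes), the snippet below can be pasted into the Bambda mode of the Proxy > HTTP history filter. It keeps only in-scope responses that set a cookie without the Secure, HttpOnly or SameSite attribute; the list of required attributes is an assumption chosen for the example.

```java
// Added example Bambda for Proxy > HTTP history (not PortSwigger's code).
// Burp supplies `requestResponse` (a Montoya ProxyHttpRequestResponse) and
// expects a boolean: true keeps the row in the table, false hides it.

// Rows that never received a response cannot set cookies.
if (!requestResponse.hasResponse()) {
    return false;
}

// Limit the view to hosts inside the configured target scope.
if (!requestResponse.request().isInScope()) {
    return false;
}

// Assumption for this example: a cookie missing any of these attributes
// is worth a manual review.
var requiredAttributes = java.util.List.of("secure", "httponly", "samesite");

for (var header : requestResponse.response().headers()) {
    if (!header.name().equalsIgnoreCase("Set-Cookie")) {
        continue;
    }

    // Everything after the first ';' is a cookie attribute, e.g.
    // "session=abc; Path=/; Secure; SameSite=Lax".
    var attributes = new java.util.HashSet<String>();
    var parts = header.value().split(";");
    for (int i = 1; i < parts.length; i++) {
        // "SameSite=Lax" -> "samesite", "Secure" -> "secure"
        var attributeName = parts[i].split("=", 2)[0].trim();
        attributes.add(attributeName.toLowerCase(java.util.Locale.ROOT));
    }

    // Show the row as soon as one cookie lacks a required attribute.
    if (!attributes.containsAll(requiredAttributes)) {
        return true;
    }
}

// No Set-Cookie header was missing an attribute: hide the row.
return false;
```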

The new additions are listed below:

  • Advanced HTTP history filtering using Bambdas: Bambdas are small Java code snippets that customize Burp Suite, now available in Proxy > HTTP history. Use them to filter your HTTP history for precise results and eliminate noise.
  • Exporting BChecks: Easily share BChecks across Burp instances by exporting selected ones. See PortSwigger's GitHub repository for BChecks from PortSwigger and the Burp Suite community.
  • Increased support for notes throughout Burp: PortSwigger expands notes, allowing you to record key info on tabs for easy access later. Notes copy between tabs and tools for seamless use. Use the sidebar’s Notes panel to add and access notes efficiently.
  • TLS passthrough for out-of-scope items: Optimize performance by applying TLS passthrough for out-of-scope items in the target scope settings. It’s enabled automatically when choosing to Stop logging out-of-scope items.
  • Include subdomains in target scope: Expand target scope by including subdomains of selected hosts. Check ‘Include subdomains’ in Target > Scope settings to activate.
  • Improved Task details dialog:
      • Replaced the Details tab with Summary for easier navigation.
      • Includes critical vulnerabilities, task progress, and real-time task log.
      • New Issues tab lists all scan findings.
      • Renamed Issue activity to Audit log.
      • Easily view further details in the Event log with a single click.

BChecks Grammar Enhancements:

  • A removing query_string action that removes an entire query string from a request.
  • A new variable that returns Burp’s User-Agent header.
  • A new pre-defined variable called insertion_point_base_value contains the base value of the current insertion point.
  • A new per-path BCheck template that you can base your checks on.
  • BChecks can now return more than one issue.
  • Developers have also updated the grammar version to v2-beta.

Other Improvements

After a scan, Burp Scanner checks the Collaborator server every minute for 10 minutes, then reverts to 10-minute intervals.

In addition, instant out-of-band interactions are now reported faster. Burp's built-in browser has been upgraded to version:

  • 119.0.6045.123 on Mac/Linux
  • 119.0.6045.123/.124 on Windows

You can download the latest version of Burp Suite here.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
