Burp Suite 2025.1, is packed with new features and enhancements designed to improve your web application testing workflow.
This latest version brings exciting upgrades like auto-pausing Burp Intruder attacks based on response content, exporting Collaborator interactions to CSV, highlighting Content-Length mismatches, a browser upgrade, and several bug fixes. Let’s dive into what’s new.
Game-Changing Features
Auto-Pause Intruder Attacks
The Auto-pause attack feature is a significant enhancement to Burp Intruder. This new functionality allows you to pause attacks automatically when specific criteria are met—such as when a specified expression appears in or is missing from the response.
This not only optimizes memory usage during large-scale attacks but also helps testers zero in on relevant responses without unnecessary manual intervention.
Are you from SOC/DFIR Teams? - Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
Content-Length Mismatch Highlighting
Burp Suite is now smarter at identifying vulnerabilities! The tool will automatically flag HTTP responses where the Content-Length header value doesn’t match the actual response body size.
This feature is especially helpful in spotting issues like HTTP request smuggling, making your vulnerability assessment process faster and more accurate.
CSV Export for Collaborator Interactions
A highly requested feature, users can now export all Collaborator interactions as CSV files. This makes it easier to include detailed interaction logs in reports or proof-of-concept demonstrations.
Additionally, you can mark Collaborator interactions as read, allowing you to keep track of reviewed items and focus on new or important activities.
Bug Fixes and Usability Improvements
PortSwigger has resolved several bugs to enhance the user experience:
- Fixed issues with Home and End keys causing cursor misplacement in the message editor.
- The Burp Logger view filter now correctly reapplies after reaching the capture limit.
- Resolved a bug where new configurations were not displayed in the configuration library without restarting Burp.
- Addressed payload encoding character errors when creating a new Intruder tab.
- Fixed non-functional hotkeys (e.g., Add notes hotkey) in modules like Organizer and Repeater.
- Copying text using Ctrl+C in BCheck preview now works seamlessly on Linux and Windows.
- Extensions with WebSocket message editor implementations now load correctly, eliminating disappearing tabs.
Burp’s embedded browser has been upgraded to Chromium 132.0.6834.84 (Windows & macOS) and 132.0.6834.83 (Linux). This update ensures better security, compatibility, and performance in web testing environments.
With Burp Suite 2025.1, PortSwigger demonstrates its commitment to enhancing efficiency and accuracy for security testers.
Whether you’re running large-scale attacks, detecting subtle mismatches, or presenting findings, this release brings something useful for everyone.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
