Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

New Burp Suite

The blog over at blog.portswigger.net has been buzzing for the last month about the new version of Burp Suite. After a short time in beta testing (with users of the professional version), it’s been released for those using the free version. I’ve had a quick look over the features and think that version 1.2 is a big step in the right direction.

I’ve flitted back and forth between using OWASP’s WebScarab and Burp Suite. As much as I’ve always wanted to go the free route and use WebScarab, something kept pulling me back to Burp. I guess it just makes things easier. The new version seems to fill in some gaps, and I’ll be looking at the pro license soon to really get the full benefit.

The professional version includes the new Burp Scanner (passive and active scanning), which seems to fill a void with something a lot of people have been looking for, i.e. an affordable web-application scanner that actually works. No automated scan will find everything, but users of Burp Suite already know that, so the addition of a scanner just seems to make sense at this point. One thing I wish was in the free version, however, is the save/restore session function. Then again, I can see why this is held back for the paying customers.

Some of the new features include:

  • Site map showing information accumulated about target applications in tree and table form
  • Fully fledged web vulnerability scanner [Pro version only]
  • Suite-level target scope configuration, driving numerous individual tool actions
  • Display filters on site map and Proxy request history
  • Ability to save and restore state [Pro version only]
  • Suite-wide search function
  • Support for invisible proxying

Check out the full details at www.portswigger.net
