PortSwigger, the provider of advanced web application security tools, has released a new version of Burp Suite, the integrated platform for web application security testing. The latest version, Burp Suite 2023.6, is designed for both Professional and Community users.
The key highlight of Burp Suite 2023.6 is the introduction of BChecks, a new type of custom scan check that can optimize your scans and enhance the effectiveness of your testing operation. These importable and creatable scan checks are performed in addition to the built-in scanning process by Burp Scanner. With the help of the custom-defining language, users can create BChecks quickly, and Burp also comes with many starter templates.
Apart from the introduction of BChecks, the latest version has also made improvements to Burp Scanner’s live crawl paths view. Now, you can see specific details of every navigation step the crawler was able to perform from a certain point on the crawl path. You can also see a screenshot of Burp’s browser from any crawl location. If you reopen a project file, the smallest crawl path tree will be kept.
The new release of Burp Suite also includes GraphQL scan checks, which enable users to identify and maintain a list of any GraphQL endpoints discovered during the crawl. You can also find out if introspection queries and suggestions are enabled and test for CSRF vulnerabilities in all discovered GraphQL endpoints.
In addition to the above enhancements, Burp Suite 2023.6 also includes bug fixes and other improvements. PortSwigger’s Montoya API update allows users to create extensions that provide expanded functionality. Using the shortcut Ctrl + Shift + O, users can now easily switch to the Organiser tab, and they can filter issues by target scope in the Dashboard’s Issue activity table.
Furthermore, the latest version has upgraded Burp’s built-in browser to version 114.0.5735.110 for Windows and 114.0.5735.106 for Mac and Linux. According to the release notification, this update contains multiple security fixes.
Burp Suite is known for its smooth integration of tools that assist the entire testing process, from initial mapping and analysis of an application’s attack surface to detecting and exploiting security vulnerabilities. The Community Edition of Burp Suite is available for free, and the Professional version is available for purchase.
Users can download the latest version of Burp Suite from the PortSwigger website or via the Early Adopter channel. The Early Adopter channel is available for users who want to test the latest features and provide feedback to PortSwigger.