Burp Suite Professional 1.7.14 – The Leading Toolkit for Web Application Security Testing

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

 Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:

Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

This release fixes the following security issues that were identified through our bug bounty program. Note that all of these issues involve the Burp user actively testing a malicious website that has been designed specifically to attack Burp Suite.

• If a user visits a malicious website in their browser, and in Burp selects a crafted request that was generated by that website, and uses either the “Request in browser” function or the “Generate CSRF Poc” and “Test in browser” function, then the malicious website can XSS an arbitrary website.
• If a user scans a malicious website and another website within the same Burp project, and exports all of the scan results as a single HTML report, and views that report in a browser, then the malicious website can capture the scan results for the other site.
• If a user scans a malicious website and another website within the same Burp project, then the malicious website might be able to capture the raw data of any Burp Collaborator interactions that were performed by the other website.

We are pleased that our bug bounty program has alerted us to these issues within Burp. As well as fixing known issues at source, we have taken a defense-in-depth approach to hardening Burp in response to them, including:

• Some functions within Burp’s in-browser interface that increased its attack surface have been removed altogether, including the Proxy history, the buttons to repeat requests and view responses, and support for the plug-n-hack Firefox extension.
• Scan issue descriptions, including those generated by Burp extensions, are now subject to an HTML whitelist that allows only formatting tags and simple hyperlinks.
• HTML scan reports now include a Content Security Policy directive that prevents execution of scripts in modern browsers.

Note: The security issues identified have all been fixed within Burp Suite. As a defense-in-depth measure, some hardening has also been performed of Burp Collaborator. It is recommended that users who have deployed a private Burp Collaborator server should update to the current version in a timely way.

A number of other enhancements were made, including:

• A number of improvements to existing Scanner checks to improve accuracy.
• When a request is sent to Repeater but never issued, the request is now stored in the Burp project file, so the initial unrequested item will reappear when the project is reopened.
• The Proxy listener now accepts SSL negotiations from browsers that are hardened only to support selected protocols and ciphers.