The amount of time this will save is immense. Like I had mentioned above this allows for the engineer to specify multiple scan settings and perform audits concurrently. This is only an example of one scanner running at a time.įortunately, for web application testers everywhere Burp Suite now has support for running multiple scans in parallel. The screenshot below demonstrates the competition of a crawler and auditor. The screenshot below shows the crawler and the auditing of Juice shop live. I feel this is a great UI choice for usability. Not exactly a new feature to Burp Suite, but the added tab in the scanning configuration modal helps make the login credentials more accessible. The spider has the same amount of granularity as well.
BURP SUITE PROFESSIONAL BETA HOW TO
I did send a bug report to Portswigger, and hopefully they will address either my stupidity or the feature.Īs you can see from the screenshot below though, that the scanner configuration page gives you a large amount of input on how to perform the auditing of the web application. I am not sure if there is something I am missing, but I cannot get the Burp Suite scanning configuration sections to change from not defined to defined. However, during the process of playing around with the new scanning configurations I may or may not have found a bug in the beta software. Such as setting up a scanning configuration that will be predominantly used for auditing the JavaScript files from a web application. This is exciting as I can use multiple scanning configurations for different portions of the web application. As you can see you can be very granular in how you setup a scanning configuration. The screenshot below shows the new scanning and spider configuration page. Many of the features from previous builds of Burp Suite are still available, but might have been moved around. The new scanning feature will pop up with a modal that will allow you to define your configurations. Of course you can always right click on an item in the target tab and choose to scan individual branches or hosts. Instead we are left with the two green buttons new scan and new live task. One quick change if you can see clearly enough from the screenshot above is that there is no longer a scanner or a spider tab on the top row of the dashboard. Along with a new look and feel Burp Suite's 2.0 release looks to improve performance and reliability of testing web applications.
A new dynamic JavaScript analyzer, with dramatically improved detection of DOM-based vulnerabilities.A new scanning engine, featuring automatic session handling, multiple scan phases, improved detection of stored input, consolidation of site-wide passive issues, efficient treatment of frequently occurring insertion points, and graceful handling of application errors.A new crawler, able to automatically handle sessions, detect changes in application state, crawl with multiple logins, and deal with volatile content.The company lists some of the new additions on their site, this is a direct copy from the official site: The beta is currently only available for professional accounts, with a community edition being released at a later time.
BURP SUITE PROFESSIONAL BETA UPDATE
Before yesterday, the version was 1.7.37, but as of this newest release the company has moved to a major update and is now released Beta 2.0. Yesterday on August 23rd, Portswigger released a major update to the infamous web application vulnerability scanner Burp Suite.
0 kommentar(er)
