Yo,

I hope this newsletter increases your productivity and helps you find more bugs. 😊

I’m excited to tell you three massive Burp Suite features in the latest release, extensions, and loads of tips & tricks in this newsletter issue.

If you got this newsletter for the first time, welcome onboard!!! Signing up for the newsletter was your first step in becoming the up-to-date hero of Burp Suite.

Follow Burp Suite Guide on Twitter, LinkedIn, or Telegram channel to get instant updates on Burp Suite.  

Now let’s continue.

PortSwigger has added some massive updates to this early adopter release. Out of multiple features and bug fixes, I would emphasize three:

1. Burp Scanner can now detect 8 common JWT vulnerabilities (which includes 6 high severity issues)

Burp Scanner can now detect the following common JWT issues:

“Burp Suite is slow” and “Burp uses a lot of CPU/RAM” are some common rants on social media. This statement doesn’t tell anything about the system configuration, the number of Burp extensions enabled, etc. With this amazing feature, one could get the answer to the question: “Is Burp slow because of the installed extensions?”

Next time someone tells that Burp Suite is slow, tell them to check the overall estimated system impact to make sure Burp is not slow because of extensions. 😉

To add a custom header you had to install the “Add Custom Header” extension and then invoke it using a session handling rule to add a single custom header (not more than that).

Now, you don’t need the extension. Setup the new session handling rule action “Set a specific header value” - to add custom headers/modify existing headers values, as many as you want 😀

Other improvements:

To know all the new features, check out the release notes of Burp Suite 2022.5 and 2022.5.1.

List of Burp Suite tips & tricks (by Aaron James of TrustedSec) that you wish you knew sooner.

This extension integrates the Burp Suite’s request logging with a custom application testing checklist. It helps pentesters who want to keep track of all web app functionalities, API endpoints, and vulnerability types tested.

BApp Store now has an improved UI. It allows to filter extensions based on Burp Suite editions and provides the system impact details of each extension.

A truly dope vulnerable web application by PortSwigger to help you improve your Burp Scanner techniques.

A research article by our very own PortSwigger Research team. Gareth Heyes tells how he bypassed CSP to achieve XSS despite the mitigations added to Chrome 97.

Did you learn something new from this newsletter? 🥺

Please share this newsletter with your friends, hackers & pentesters. Tweet about it, post it on social media or forward this newsletter email to others.

If you liked the newsletter, click the 👍 button below. If you have any specific feedback, shoot an email to [email protected].

Many thanks for considering my request.

Until next time 👋