Burp Suite 2.0 beta now available | Burp Suite 2.0 beta 开放测试
Contents
Burp Suite 2.0
原始消息
Significant parts of Burp’s existing codebase have been completely rewritten or heavily modified, and there is a mass of new code. This is very much a beta release, and we expect Burp Suite 2.* to remain officially in beta for an extended period while problems are identified and ironed out.
You should use Burp 2.0 if you want to try out its cutting-edge features and are happy to accept:
- There are bugs.
- It might miss some vulnerabilities that Burp 1.* can find.
- You might lose your work.
- It might perform poorly.
- We will be releasing annoyingly frequent bugfix updates.
If you prefer the stability and integrity of a mature, battle-hardened product with an already awesome feature set, then please continue using Burp 1.* until we are officially out of beta.
https://portswigger.net/blog/burp-suite-2-0-beta-now-available
BurpSuite 2.0 beta 进行了大量重构,存在大量新代码,因此也有大量的潜在 bug.
此外,设计思路与 1.x 有着很大的不同。
建议谨慎使用,灰度过渡。
Burp Suite 2.0 的新功能
1 一个新的爬虫引擎(crawler,),能够自动处理会话(automatically handle sessions),检测应用程序状态的变化(detect changes in application state),有多次登录抓取 (crawl with multiple logins) 和 处理”不稳定/易失性的内容” ()。
2 一种新的扫描引擎,具有自动会话处理(automatic session handling),多个扫描阶段 (multiple scan phases),存储型输入检测能力提高 (improved detection of stored input) ,整合全站被动问题(consolidation of site-wide passive issues),有效处理频繁发生的插入点(frequently occurring insertion points),以及优雅处理应用程序错误 (handling of application errors)。
3 一种新的动态 JavaScript 分析器,可显着改善对基于 DOM 的漏洞的检测。
4 用于监视和控制自动化活动的新仪表板。
5 新的扫描启动器 (Scann Launcher),以及执行多个并行扫描的能力。
6 全新的实时扫描功能。
7 通过中央任务执行引擎改进系统资源管理。
8 用于存储有用设置的新配置库 (configuration library)。
9 用于与其他工具集成的新 REST API 。
10 一个新的响应渲染器,其功能与任何现代浏览器更加一致。
参考资料
Burp Suite 2.0 – Quick Review
https://ryan-villarreal.com/2018/08/24/burp-suite-2-0-quick-review/
Burp Suite 2.0 beta now available
https://portswigger.net/blog/burp-suite-2-0-beta-now-available
Logging BurpSuite with ELK Stack
https://ryan-villarreal.com/2018/06/28/elk-stack/
Leave a Reply