Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

Burp Suite 2.0 beta 开放测试

wpadmin~August 24, 2018 /InfoSec

Burp Suite 2.0 beta now available | Burp Suite 2.0 beta 开放测试

Burp Suite 2.0

原始消息

Significant parts of Burp’s existing codebase have been completely rewritten or heavily modified, and there is a mass of new code. This is very much a beta release, and we expect Burp Suite 2.* to remain officially in beta for an extended period while problems are identified and ironed out.

You should use Burp 2.0 if you want to try out its cutting-edge features and are happy to accept:

  1. There are bugs.
  2. It might miss some vulnerabilities that Burp 1.* can find.
  3. You might lose your work.
  4. It might perform poorly.
  5. We will be releasing annoyingly frequent bugfix updates.

If you prefer the stability and integrity of a mature, battle-hardened product with an already awesome feature set, then please continue using Burp 1.* until we are officially out of beta.

https://portswigger.net/blog/burp-suite-2-0-beta-now-available

BurpSuite 2.0 beta 进行了大量重构,存在大量新代码,因此也有大量的潜在 bug.
此外,设计思路与 1.x 有着很大的不同。

建议谨慎使用,灰度过渡。

Burp Suite 2.0 的新功能

1 一个新的爬虫引擎(crawler,),能够自动处理会话(automatically handle sessions),检测应用程序状态的变化(detect changes in application state),有多次登录抓取 (crawl with multiple logins) 和 处理”不稳定/易失性的内容” ()。
2 一种新的扫描引擎,具有自动会话处理(automatic session handling),多个扫描阶段 (multiple scan phases),存储型输入检测能力提高 (improved detection of stored input) ,整合全站被动问题(consolidation of site-wide passive issues),有效处理频繁发生的插入点(frequently occurring insertion points),以及优雅处理应用程序错误 (handling of application errors)。
3 一种新的动态 JavaScript 分析器,可显着改善对基于 DOM 的漏洞的检测。
4 用于监视和控制自动化活动的新仪表板。
5 新的扫描启动器 (Scann Launcher),以及执行多个并行扫描的能力。
6 全新的实时扫描功能。
7 通过中央任务执行引擎改进系统资源管理。
8 用于存储有用设置的新配置库 (configuration library)。
9 用于与其他工具集成的新 REST API 。
10 一个新的响应渲染器,其功能与任何现代浏览器更加一致。

参考资料

Burp Suite 2.0 – Quick Review
https://ryan-villarreal.com/2018/08/24/burp-suite-2-0-quick-review/

Burp Suite 2.0 beta now available
https://portswigger.net/blog/burp-suite-2-0-beta-now-available

Logging BurpSuite with ELK Stack
https://ryan-villarreal.com/2018/06/28/elk-stack/

Leave a Reply

Your email address will not be published. Required fields are marked *