Professional / Community 2023.3 |
您所在的位置:网站首页 › burp suite professional › Professional / Community 2023.3 |
This release introduces support for Collaborator payloads in Intruder attacks, improvements to the Montoya API, and upgrades to the browser and JRE. Collaborator payloads in Intruder attacksWe have updated Burp Intruder to enable the use of Collaborator payloads in attacks. This update includes: A new payload type that generates Collaborator payloads, then inserts these at your configured payload positions.A payload processing rule that replaces a specified placeholder regex with a collaborator payload. The default placeholder regex already matches a placeholder in the predefined payload lists.Collaborator interactions that result from an Intruder attack are shown in the Intruder results window, instead of the Collaborator tab. Montoya APIWe have continued to update the Montoya API: Every request and response now has a unique ID, so you can track which request caused each response.We have fixed a bug that prevented report generation through the Montoya API. In addition, issue references are now present on extension-generated reports.We have also continued to update our Montoya API support for WebSockets. You can now right-click a WebSocket message and use the context menu to send the message to your extension. SPA scanning improvementsThis release includes changes that enable Burp Scanner to better handle single-page applications (SPAs). Bug fixWe have upgraded DOM Invader to fix a bug whereby if a user disabled CSP with prototype pollution functionality enabled, then the system would continue to ignore CSP security headers when the user disabled prototype pollution. Browser upgradeThis release upgrades Burp's browser to Chromium 111.0.5563.64/.65. Java Runtime Environment (JRE) upgradeThis release upgrades Burp installer JRE to 19.0.2. This upgrade gives several security and performance benefits. |
今日新闻 |
推荐新闻 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |