Thursday, January 27, 2022

Burp Suite v1.5.04 Released

This release adds an in-tool repository for the new extensibility APIs. The Extender / APIs tab lists all of the interfaces available in the current build of Burp, and lets you browse these and save the interface and Javadoc files locally.

Various updates have been made to the draft extensibility API, based on user feedback:

  • IBurpExtenderCallbacks has two new methods, saveExtensionSetting() and loadExtensionSetting(), which extensions can use to persist configuration settings across reloads of the extension and of Burp.
  • You can now register an IScopeChangeListener to be notified when changes occur to the suite-wide target scope.
  • There is a new ICookie interface, for holding details of HTTP cookies.
  • IResponseInfo has a new method, getCookies(), which you can use to obtain details of any cookies that were issued in a response.
  • IRequestInfo has a new method, getBodyEncoding(), which you can use to determine the encoding used for the message body (URL, multipart, XML etc). Extensions that provide custom scanner checks can use this method to determine the appropriate encoding to apply to attack payloads that are being placed into insertion points in the request body.
  • IBurpExtenderCallbacks has two new methods, getCookieJarContents() and updateCookieJar(), which extensions can use to query and update Burp’s session handling cookie jar, for use when dealing with unusual session handling mechanisms.
  • The IBurpExtenderCallbacks method customizeUiComponent() now cascades the action automatically to child components, to reduce the number of calls that you need to make to this method.
  • The IIntruderPayloadGeneratorFactory method createNewInstance() now receives an instance of a new interface, IIntruderAttack, which the extension can use to obtain details about the Intruder attack in which the payload generator will be used.

The last point is the only case where a method signature within the draft API has actually changed (as opposed to new methods and interfaces being added), so hopefully there are minimal effects on any extensions that people have created using the draft API.

The new API is now “final”, in the sense that we only anticipate making small incremental changes to the API for the foreseeable future, and those changes should be backwards compatible.

The final API and links to all the sample extensions are available here.
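As an added illustration (not one of the Burp sample extensions), the sketch below combines several of the additions listed above: it persists a threshold with saveExtensionSetting() / loadExtensionSetting(), reads ICookie objects from IResponseInfo.getCookies(), and reacts to scope changes through IScopeChangeListener, flagging in-scope cookies whose lifetime exceeds the threshold. The setting name and the 30-day default are assumptions made for this example; registerHttpListener(), isInScope() and issueAlert() are other Extender API calls not named in the list above.

```java
package burp;

import java.net.URL;
import java.util.Date;

// Added example; build against the burp.* interface files saved from the Extender / APIs tab.
public class BurpExtender implements IBurpExtender, IHttpListener, IScopeChangeListener {
    // Hypothetical setting name and default threshold, chosen for this example.
    private static final String SETTING = "maxCookieLifetimeDays";
    private static final long MS_PER_DAY = 24L * 60 * 60 * 1000;
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    private long maxDays = 30;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Cookie lifetime audit (example)");
        // loadExtensionSetting() returns null until a value has been saved.
        String saved = callbacks.loadExtensionSetting(SETTING);
        try {
            if (saved != null) maxDays = Long.parseLong(saved.trim());
        } catch (NumberFormatException e) {
            callbacks.issueAlert("Ignoring invalid " + SETTING + " value, using " + maxDays);
        }
        // Persist the effective value so it survives reloads of the extension and of Burp.
        callbacks.saveExtensionSetting(SETTING, Long.toString(maxDays));
        callbacks.registerHttpListener(this);
        callbacks.registerScopeChangeListener(this);
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse message) {
        if (messageIsRequest || message.getResponse() == null) return;
        URL url = helpers.analyzeRequest(message).getUrl();
        if (!callbacks.isInScope(url)) return; // audit only the suite-wide target scope
        long now = System.currentTimeMillis();
        for (ICookie cookie : helpers.analyzeResponse(message.getResponse()).getCookies()) {
            Date expires = cookie.getExpiration(); // null for session cookies with no expiry
            if (expires == null) continue;
            long days = (expires.getTime() - now) / MS_PER_DAY;
            if (days > maxDays)
                callbacks.issueAlert(url.getHost() + " sets cookie '" + cookie.getName()
                        + "' valid for " + days + " days (limit " + maxDays + ")");
        }
    }

    @Override
    public void scopeChanged() {
        callbacks.issueAlert("Target scope changed; cookie audit follows the new scope");
    }
}
```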

MD5: b8504df0907180c7ac887273f309fc14
SHA256: 099a26e903c0021ebf9a208ad62e86b41f77a6f27e541b1e640656e04b6bb58c

You can download the free version here:

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
