InfoSecBulletin Cybersecurity for mankind
PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This update features major improvements to the Burp Intruder module, HTTP response analysis, and interaction management, as well as a browser upgrade and bug fixes.
Auto-Pause Intruder Attacks:
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
A key feature of this release is the new Auto-Pause Attack in Burp Intruder. It enables users to automatically pause attacks when certain conditions in HTTP responses are met.
Users can set the tool to pause an attack when a certain expression is detected or absent in the response. This feature improves memory efficiency during large attacks and allows testers to concentrate on relevant results automatically.
Content-Length Mismatch Highlighting:
Burp Suite now automatically highlights differences in the Content-Length response header to improve vulnerability detection.
If the length stated in the header doesn’t match the actual response size, it will be flagged. This improvement helps detect problems such as HTTP request smuggling and other server response issues.
CSV Export for Collaborator Interactions:
Burp Collaborator now allows users to export interaction data as CSV files, simplifying the process for security professionals to include detailed logs in reports or presentations.
Users can now mark interactions as “read,” making it easier to distinguish between reviewed and new activities.
Bug Fixes:
Several bugs have been resolved in this release to improve stability and user experience:
Fixed an issue where the Home and End keys caused incorrect cursor positioning in the message editor.
Resolved a problem with Burp Logger’s view filter not reapplying correctly after reaching capture limits.
Addressed a bug that prevented newly saved configurations from appearing in the configuration library without restarting Burp.
Corrected payload encoding issues when creating new Intruder tabs with encoding disabled.
Fixed non-functional hotkeys for adding notes in Burp Organizer and Repeater.
Resolved copy-paste issues on Linux and Windows for BCheck preview screens.
Fixed problems with extension-provided tabs disappearing when loading multiple extensions, especially those with WebSocket message editor implementations.
Burp Suite’s integrated browser is now updated to Chromium version 132.0.6834.84 for Windows and macOS, and 132.0.6834.83 for Linux. This guarantees compatibility with modern web standards and improves performance in manual testing.
Burp Suite 2025.1 greatly improves usability, efficiency, and technical strength for penetration testers and cybersecurity experts.
The new auto-pause feature and improved response analysis will simplify workflows and enhance web application testing. Users should update to the latest version for improved security assessments.
