The issue activity infographic is very much the same, and just to make sure, I wanted to see if PortSwigger had made any significant updates to the reporting section.

The amount of time this will save is immense. As I mentioned above, this allows the engineer to specify multiple scan settings and perform audits concurrently. This is only an example of one scanner running at a time.

Fortunately for web application testers everywhere, Burp Suite now has support for running multiple scans in parallel. The screenshot below demonstrates the completion of a crawler and auditor. The screenshot below shows the crawler and the auditing of Juice Shop live. I feel this is a great UI choice for usability. Not exactly a new feature to Burp Suite, but the added tab in the scanning configuration modal helps make the login credentials more accessible. The spider has the same amount of granularity as well. I did send a bug report to PortSwigger, and hopefully they will address either my stupidity or the feature.

As you can see from the screenshot below, though, the scanner configuration page gives you a large amount of input on how to perform the auditing of the web application. I am not sure if there is something I am missing, but I cannot get the Burp Suite scanning configuration sections to change from not defined to defined. However, during the process of playing around with the new scanning configurations I may or may not have found a bug in the beta software. Such as setting up a scanning configuration that will be predominantly used for auditing the JavaScript files from a web application. This is exciting as I can use multiple scanning configurations for different portions of the web application. As you can see, you can be very granular in how you set up a scanning configuration.

The screenshot below shows the new scanning and spider configuration page.
Many of the features from previous builds of Burp Suite are still available, but might have been moved around. The new scanning feature will pop up with a modal that will allow you to define your configurations. Of course, you can always right-click on an item in the target tab and choose to scan individual branches or hosts. Instead, we are left with the two green buttons, "new scan" and "new live task". One quick change, if you can see clearly enough from the screenshot above, is that there is no longer a scanner or a spider tab on the top row of the dashboard. Along with a new look and feel, Burp Suite's 2.0 release looks to improve performance and reliability of testing web applications.

- A new response renderer that functions as well as any modern browser.

For testing, I will be using the Juice Shop vulnerable machine that I have written about in previous blog posts.

As shown in the screenshot above, the new dashboard has a very different approach to giving the engineer the needed information during the test.

- A new REST API for integration with other tools.
- A new configuration library for storing useful settings.