WebApp Sec mailing list archives
Re: Burp Suite v1.3 released
From: Michele Orru <antisnatchor () gmail com>
Date: Fri, 8 Jan 2010 22:25:21 +0100
Hi Dafydd, are you planning to add support to Flash-based applications, something like Charles (at least in the PRO version)? I was thinking in something like integration with flare/flasm, or by the way some mechanisms to check for reflected XSS on every field exposed by the swf (something like SWFintruder of Stefano, but in an automatic way). When pen testing flash-based apps, I've always to work with SWFintruder, that is far good but anyway something external from my favorite proxy (burp). I don't think I can achieve the same results using the Intruder to send XSS vectors, specifying the swf url with its GET/POST parameters. I think that actually there not exists any semi-automated proxy that does something like that. Correct me if I'm wrong. Thanks Michele "antisnatchor" Orru' http://antisnatchor.com On Fri, Jan 8, 2010 at 11:27 AM, PortSwigger <mail () portswigger net> wrote:
Burp Suite v1.3 is now available for free download at http://portswigger.net/suite/ This is a major upgrade with a host of new features, including: - A new message editor/viewer optimised for HTTP requests and responses, with colourised syntax, mouse-over decoding, and quick conversion functions. - Facility to add comments and highlights to the proxy history and site map. - Support for viewing and editing AMF-encoded messages. - Improved handling of SSL server certificates, to eliminate browser SSL warnings and connection problems with thick clients. - Copy to file / paste from file to facilitate working with binary content. - New display filters. - Greatly enhanced extensibility. - Configurable DNS resolution, to override your computer's own resolution, facilitating work with non-proxy-aware clients. - Fine-grained upstream proxy rules. - Exporting of HTTP messages and metadata in XML format. For more details see: http://blog.portswigger.net/2010/01/burp-suite-v13-released.html Cheers PortSwigger This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Burp Suite v1.3 released PortSwigger (Jan 08)
- Re: Burp Suite v1.3 released Michele Orru (Jan 08)
- RE: Burp Suite v1.3 released PortSwigger (Jan 11)
- Re: Burp Suite v1.3 released Michele Orru (Jan 08)