Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Burp Suite v1.3 released
From: Michele Orru <antisnatchor () gmail com>
Date: Fri, 8 Jan 2010 22:25:21 +0100

Hi Dafydd,

are you planning to add support to Flash-based applications, something
like Charles (at least in the PRO version)?
I was thinking in something like integration with flare/flasm, or by
the way some mechanisms
to check for reflected XSS on every field exposed by the swf
(something like SWFintruder of Stefano, but in
an automatic way).

When pen testing flash-based apps, I've always to work with
SWFintruder, that is far good but
anyway something external from my favorite proxy (burp). I don't think
I can achieve the same results
using the Intruder to send XSS vectors, specifying the swf url with
its GET/POST parameters.

I think that actually there not exists any semi-automated proxy that
does something like that.
Correct me if I'm wrong.


Michele "antisnatchor" Orru'

On Fri, Jan 8, 2010 at 11:27 AM, PortSwigger <mail () portswigger net> wrote:

Burp Suite v1.3 is now available for free download at

This is a major upgrade with a host of new features, including:

- A new message editor/viewer optimised for HTTP requests and responses,
with colourised syntax, mouse-over decoding, and quick conversion functions.

- Facility to add comments and highlights to the proxy history and site map.

- Support for viewing and editing AMF-encoded messages.

- Improved handling of SSL server certificates, to eliminate browser SSL
warnings and connection problems with thick clients.

- Copy to file / paste from file to facilitate working with binary content.

- New display filters.

- Greatly enhanced extensibility.

- Configurable DNS resolution, to override your computer's own resolution,
facilitating work with non-proxy-aware clients.

- Fine-grained upstream proxy rules.

- Exporting of HTTP messages and metadata in XML format.

For more details see:


This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]