"Burp Suite Pro is my web app assessment tool-of-choice. It has made my life and my job easier so I can be more efficient."
Jed Mitten, Senior Security Consultant, MANDIANT
"We tried the others, but keep coming back to Burp Suite Pro. Nothing comes near it for application security testing."
Steve Lord, Mandalorian
For a long time, we've released updates to Burp Suite Free Edition every year or so, when Burp gets a new major version number. The Professional Edition is updated much more frequently, often a few times per month. Starting today, we will release updates to the Free Edition of Burp much more frequently. Every few versions of the Professional Edition will be accompanied by an update to the Free Edition.
This release adds a new scan check for external service interaction and out-of-band resource load via injected XML stylesheet tags. Burp now sends XML payloads containing injected stylesheet tags targeting a URL on the Collaborator server, and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.
The release also fixes some issues.