Burp Suite Professional

Product roadmap

We've got big plans for the road ahead - and we're sure you do too.

Roadmap for Burp Suite Professional

Improved workflows

Feature enhancement

Faster analysis and decoding. An evolved user interface will make manual testing with Burp Suite more convenient than ever.

Enhanced Burp Intruder

Feature enhancement

More options for brute forcing and fuzzing. New payload types and placement options, richer results analysis, and incremental saving.

Integrated SCA capabilities

New feature

Perform software composition analysis (SCA) of client-visible code. Report JavaScript libraries in use that contain known vulnerabilities.

API scanning

New feature

Enumerate API endpoints to scan APIs in target applications. API scanning will utilize OpenAPI (Swagger) definitions.

Browser-powered scanning by default

New feature

Best-in-class coverage and scanning performance for challenging targets like AJAX-heavy single-page apps, with browser-driven (Chromium) scanning. Enabled by default.

Recorded login sequences

New feature

Better scrutinize login-related functionality by recording complex login sequences in a browser. Ideal for JavaScript-heavy logins, or single sign-on.

Automatic updates

New feature

Update without lifting a finger. Will include an optional early adopters' track - giving early access to new and experimental features.


New web cache poisoning scan checks

Done

Find cutting-edge vulnerabilities with Burp Scanner. Scan checks based on James Kettle's latest web cache poisoning research.

HTTP/2 support

Done

Use HTTP/2 for both inbound and outbound communication over TLS (beta feature). Also gives control of TLS protocols within Burp Proxy.

Render pages within Burp tools

Done

See exactly what you're looking at - without changing tab. Tools like Burp Repeater and Burp Intruder now allow you to render responses.

Embedded browser for manual testing

Done

Proxy HTTPS traffic with no configuration necessary. Burp Suite's embedded Chromium browser can now take care of everything.

Pretty printing in the HTTP message editor

Done

Make code easier to work with. Burp Suite will prettify JSON, XML, HTML, CSS, and JavaScript within the HTTP message editor.

Browser-powered scanning enhancements

Done

Significant improvements to Burp Scanner - enabling enhanced performance and coverage of modern navigational patterns.