This release includes several enhancements that help you to better integrate Burp Suite Enterprise Edition with other web applications. It also adds support for some additional database versions, along with a significant number of minor improvements and bug fixes.
CORS whitelisting for enhanced integration with other web applications
If you want to integrate Burp Suite Enterprise Edition with a third-party web application, or one that you've developed yourself, it probably needs access to your sites and scan data. This release adds a new option that lets you whitelist trusted origins for cross-origin resource sharing (CORS) via the GraphQL API.
Improvements to the GraphQL API
- You can now include an optional
schedule_item_idparameter in a
scansquery. This makes it much easier to locate the
Scanthat was generated by a
ScheduleItemyou've just created.
- You can use the new
sitequery to fetch an individual
Siteby its ID. This means you no longer have to fetch the whole
SiteTreein order to query a specific known
- You can now send gzip-encoded data to the API.
Additional database support
Burp Suite Enterprise Edition now supports the following additional database versions:
- PostgreSQL 11, 12, and 13
- MariaDB 10.4 and 10.5
For a full list of databases that you can use with Burp Suite Enterprise Edition, please check the system requirements.
- If you upload an invalid recorded login script, you are now informed of this when you try to save so that you can fix the issue right away. Previously, you would only know that your script was invalid once a scan started and subsequently failed to log in.
- You can no longer add end-of-scan report recipients to a site unless an admin user has configured a connection to an email server. This helps prevent situations where you mistakenly believe that colleagues are receiving scan reports even though no emails are actually being sent.
- Burp Scanner's embedded Chromium browser is now stored in the data directory that you select in the installation wizard. Previously, this would be unpacked in your home directory, which was causing issues for some customers.
- On the "Site" > "Details" page, if you click on the
?icon to view the scan configuration, the configuration ID is now displayed in the URL in your browser's address bar for easier access.
- When you cancel a scan with errors, the error message is now displayed in the "Cancel scan" confirmation dialog.
- The link for the REST API is now generated using the correct domain name for your web server. Previously, the default IP address would still be used to generate the API link even if you had manually set a different "Web server URL" in the network settings.
- A problem with our site-tree caching has been fixed. This should dramatically improve performance when using our APIs.
- The database transfer tool no longer assumes that the agent user for the database is called
burp_agent. You can now use the tool even if you assigned a different username when setting up your database.
- A problem with the network settings page has been fixed. A bug in the previous release meant that you were unable to save changes to other settings while the "Use TLS" option was enabled.
- Adding client TLS certificates to a scan configuration now works as expected. A bug in the previous release meant that you would sometimes encounter a "value required" error when trying to upload a new certificate.
- We have also fixed several minor UI-related bugs that were introduced by some of our recent changes.
Cloud deployment links
We no longer provide AWS CloudFormation or Azure Resource Manager templates. We're releasing an improved, much simpler deployment method soon and recommend waiting for this instead.