This release introduces Burp Suite Mobile Assistant, a new tool to facilitate testing of iOS apps with Burp Suite. It supports the following key functions:
- It can modify the system-wide proxy settings of iOS devices so that HTTP(S) traffic can be easily redirected to a running instance of Burp. (Supported on iOS 8 and later.)
- It can attempt to circumvent SSL certificate pinning in selected apps, allowing Burp Suite to break their HTTPS connections and intercept, inspect and modify all traffic. (Supported on iOS 8 and 9).
Burp Suite Mobile Assistant runs on jailbroken devices running iOS 8 and later. For full details of how to install and use Burp Suite Mobile Assistant, please see the documentation.
A number of other minor enhancements and fixes have been made, including:
- The selected column ordering in the Proxy history is now remembered in user-level settings.
- Editing URL or cookie parameters in the "Params" view no longer loses the request body if it contains JSON/XML/etc.
- Performance when deleting multiple selected items from the Proxy history is significantly improved.
- Some memory problems encountered when scanning items with huge responses have been addressed.
- A new method has been added to the API: IMessageEditor.getSelectionBounds().