Burp Suite 2.0 beta is now available to Professional users.

This is a major upgrade, with a host of new features, including:

Use with caution

Significant parts of Burp’s existing codebase have been completely rewritten or heavily modified, and there is a mass of new code. This is very much a beta release, and we expect Burp Suite 2.* to remain officially in beta for an extended period while problems are identified and ironed out.

You should use Burp 2.0 if you want to try out its cutting-edge features and are happy to accept:

  • There are bugs.
  • It might miss some vulnerabilities that Burp 1.* can find.
  • You might lose your work.
  • It might perform poorly.
  • We will be releasing annoyingly frequent bugfix updates.

If you prefer the stability and integrity of a mature, battle-hardened product with an already awesome feature set, then please continue using Burp 1.* until we are officially out of beta.

Product roadmap

Releasing major new software always involves a balance between waiting until it is perfect (if ever) and getting cool new features into the hands of users. We firmly believe that what we have built already is too good to withhold from users for any longer. But there are some important things left to do, which we will be addressing over the coming months:

  • The crawler still doesn’t handle JavaScript navigation properly. We plan to improve this to the point where Burp navigates just as well as a real browser.
  • The crawler doesn’t parallelize its work as much as it could, and doesn’t make full use of the configured maximum concurrent request limit. Addressing this will improve the speed of crawling in most cases.
  • The new crawler is missing some capabilities of the old Spider relating to discovery of content outside of normal browsing (robots.txt, links in HTML comments, etc.).
  • The site map still represents crawl results based only on URLs, and for GET requests contains one entry per unique URL. We plan to provide a visualization of the navigational graph that is generated by the crawl, and also support overloaded URLs within the site map itself.
  • The navigational graph that is generated by the crawl is only currently used during an audit that follows on directly, within a crawl-and-audit scan. We plan to make this data available for other purposes, including ad hoc auditing of selected items and manual testing tools such as Burp Repeater.
  • We know that people want improved tools for manual WebSockets testing. These are in the pipeline.

While it is still in beta, Burp 2.* will be available to licensed Professional users only. Following the beta phase, we will release a major update to Community Edition users.


Please enter your comment!
Please enter your name here

ten + twelve =