PortSwigger has released Burp Suite 2025.1, introducing several new features and improvements aimed at enhancing the tool’s usability and efficiency for penetration testers.
This update includes significant advancements in the Burp Intruder module, HTTP response analysis, and interaction management, alongside a browser upgrade and resolution of various bugs.
Key Features in Burp Suite 2025.1
Auto-Pause Intruder Attacks
A major highlight of this release is the new Auto-Pause Attack feature in Burp Intruder. This functionality allows users to automatically pause ongoing attacks when specific conditions are met in HTTP responses.
Users can configure the tool to pause an attack if a particular expression is detected (or missing) in the response content. This feature not only optimizes memory usage during large-scale attacks but also helps testers focus on relevant results without manual intervention.
Are you from SOC/DFIR Teams? - Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free
Content-Length Mismatch Highlighting
To streamline vulnerability detection, Burp Suite now automatically highlights discrepancies in the Content-Length response header.
If the declared length in the header does not match the actual size of the response body, it will be flagged. This enhancement is particularly useful for identifying issues like HTTP request smuggling or other anomalies in server responses.
CSV Export for Collaborator Interactions
Burp Collaborator has been updated to support exporting interaction data as CSV files. This makes it easier for security professionals to include detailed interaction logs in proof-of-concept reports or presentations.
Additionally, users can now mark interactions as “read,” helping them differentiate between reviewed and new activities more effectively.
Bug Fixes
Several bugs have been resolved in this release to improve stability and user experience:
- Fixed an issue where the Home and End keys caused incorrect cursor positioning in the message editor.
- Resolved a problem with Burp Logger’s view filter not reapplying correctly after reaching capture limits.
- Addressed a bug that prevented newly saved configurations from appearing in the configuration library without restarting Burp.
- Corrected payload encoding issues when creating new Intruder tabs with encoding disabled.
- Fixed non-functional hotkeys for adding notes in Burp Organizer and Repeater.
- Resolved copy-paste issues on Linux and Windows for BCheck preview screens.
- Fixed problems with extension-provided tabs disappearing when loading multiple extensions, especially those with WebSocket message editor implementations.
Browser Upgrade
Burp Suite’s integrated browser has been upgraded to Chromium version 132.0.6834.84 for Windows and macOS, and 132.0.6834.83 for Linux.
This ensures compatibility with modern web standards and enhances performance during manual testing workflows.
Burp Suite 2025.1 represents a significant step forward in usability, efficiency, and technical robustness for penetration testers and cybersecurity professionals.
The new features particularly auto-pause functionality and enhanced response analysis—are expected to streamline workflows while ensuring thorough testing of web applications.
For users looking to stay ahead in their security assessments, updating to this latest version is highly recommended.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
