Changelog
Full release history for Burp Bounty Pro.
v3.1.0
Latest (March 2026)
AI Scanner
- AI-Powered Vulnerability Analysis — New AI Scanner that analyzes HTTP requests and responses using artificial intelligence to automatically identify attack surfaces, correlate parameters with vulnerability types, detect technologies, and recommend the most relevant scan profiles from your library.
- Multi-Provider Support — Works with OpenAI, Anthropic (Claude), Google Gemini, OpenRouter, and local models via Ollama. Use any model available through these providers by configuring the model name and endpoint.
- Programmatic Response Analysis — Before sending data to the AI, a built-in analysis engine detects parameter reflections in the response body and headers, identifies reflection contexts (HTML body, JavaScript, CSS, HTML attributes, event handlers, URL attributes, comments), and reports security header presence.
- Auto-Scan — When enabled, the AI Scanner automatically matches recommended profile names against your active profiles and launches them as active scans against the original request.
- Customizable Prompts — Full control over the system prompt (profile taxonomy, analysis rules, confidence calibration, output schema) and user prompt template via the Edit Prompts dialog. Includes auto-upgrade detection for outdated saved prompts.
- 12-Field Output Schema — Each AI finding includes: parameter, parameter type, insertion point hint, reflected status, reflection contexts, response content type, attack types, confidence, priority, technology detected, reasoning, and recommended profiles.
- Technology Fingerprinting — Detects WordPress, Jira/Atlassian, Spring Boot, Grafana, GraphQL, Drupal, Symfony, and more from response headers, paths, and body content. Technology-specific CVE profiles are only recommended when evidence is found.
- Per-Entry Controls — Pause, resume, and cancel individual AI analysis entries independently.
Scan Scope — Per-Host Deduplication
- Per-Host Scan Scope — New `scanScope` field for active profiles. Per-URL (`scanScope: 0`, default) runs on every URL; Per-Host (`scanScope: 1`) runs once per host:port, with thread-safe deduplication. Ideal for path discovery, fixed-path CVE probes, and raw request profiles.
- 63 Default Profiles Updated — Path discovery, CVE-specific, and raw request profiles classified as per-host. The remaining 193 profiles use per-URL scope. Backward compatible: profiles without `scanScope` default to per-URL.
- Per-Host Scan Grouping — Per-host profiles are grouped into a single scanner table entry per domain, eliminating redundant "0/0 requests" entries when scanning multiple URLs from the same host.
Redesigned Scanners Tab
- Dedicated Sub-Tabs — The scanner view is now organized into five sub-tabs: Active (per-request active scan logging), Passive (passive scan results with matched profiles), Smart (Smart Scan rule matches and launched profiles), AI (AI Scanner entries and findings), and Live (real-time passive scan activity).
- Per-Tab Results Tables — Each sub-tab has its own results table, entry controls (pause/resume/cancel/remove), and request/response viewers.
- Active Tab Highlighting — The Active sub-tab highlights in blue when Smart Scan or AI Scanner launches new active scans, indicating activity in that tab.
- Live Scanner Panel — All live scanner toggles, scope settings, excluded extensions, and concurrency controls consolidated into the Live sub-tab. Toggle buttons turn green when active.
Context-Aware Scanner Settings
- Adaptive URL Filter Popup — The scanner settings panel in the URL Filter popup now adapts to the scan type, showing only the relevant fields:
  - Active Scan: Threads, Active Concurrency, Requests/sec
  - Smart Scan: Threads, Passive Concurrency, Active Concurrency, Requests/sec
  - Passive Scan: Threads, Passive Concurrency
  - AI Scanner: Threads, AI Analysis Concurrency, Active Concurrency, Requests/sec
- Match & Replace panel is hidden for the passive scanner type to reduce clutter.
Scanning Improvements
- Smart Scanner Improvements — Uses shared active scan pool instead of recreating the entire pool per rule match. Reports matched rule names and launched profile names to the new Smart Scanner tab. Accepts override thread/concurrency/RPS parameters from the scan launch dialog.
- Passive Scanner Improvements — Accepts thread/concurrency/RPS parameters. Tracks matched profile names for reporting. Rewritten with pause/resume/cancel support and stale-execution detection via generation counters.
- Dynamic Pool Sizing — New `adjustCorePoolSize()` method on the Scheduler, used by the AI Scanner to temporarily expand the pool for blocked API tasks.
- Error Logging Cleanup — Verbose multi-line stack traces replaced with clean single-line error messages with root cause extraction.
UI Improvements
- API Key Validation Popup — Warning dialog when launching AI Scanner without an API key configured, with an OK button that navigates directly to Settings.
- Settings Auto-Save on Unload — AI Scanner settings are saved from the current UI state when the extension unloads, even without clicking Save.
- Settings Tab Reorganization — Options and Variables tabs consolidated into a Settings tab with General and Variables sub-tabs.
- Dashboard Improvements — Column auto-resize enabled, horizontal scrollbar always visible. "Delete" renamed to "Remove Selected" with new "Clear" option added to context menus.
- 256 Default Profiles — Updated profile library with scan scope classifications. 28 default Smart Scan rules.
v3.0.0
March 2026
Major New Features
- Multi-step Scanning — Profiles now support multiple steps, enabling complex attack chains and multi-stage vulnerability testing. Each step can define its own payloads, match rules, and detection logic. Includes cookie reuse across steps for authenticated workflows, per-step request/response viewing in scan results, and path discovery per step.
- Global Variables System — New user-managed variable system in the Options tab. Define and customize variables such as `{EMAIL}`, `{BC}`, `{RANDOM}`, `{CURRENT_URL}`, `{CURRENT_HOST}`, `{CURRENT_PORT}`, `{CURRENT_COOKIES}`, `{CURRENT_USER_AGENT}`, `{CURRENT_REFERER}`, and more. Custom variables are dynamically replaced in payloads, greps, and raw requests.
- Time-based Detection Engine — New time delay matching logic for detecting timing-based vulnerabilities (e.g., sleep-based SQL injection, blind command injection). Supports three comparison modes: "Between", "Greater than", and "Less than", with configurable thresholds in seconds. Fully integrated into multi-step scanning workflows.
- URL Filtering for All Scan Types — FilterURLs popup now appears before Active, Passive, and Smart scanning, giving full control over scope, domains, and file extensions before launching scans.
New UI Features
- Non-modal Dialogs — All profile, rule, and tag editors are now non-blocking. Edit profiles while interacting with Burp Suite, compare multiple profiles side by side, or review scan results while configuring new profiles.
- Profile & Rule Duplication — New "Duplicate" button on all profile tabs (Active, Passive Request, Passive Response) and Rules. Creates copies with automatic naming (Name Copy, Name Copy1, Name Copy2...).
- Double-click to Edit — Double-click any profile or rule row to open the editor directly, without needing the Edit button.
- Payload & Grep Markers — Highlighted in red for better visibility when editing profiles.
- Improved Grep Table — Increased height for better readability of match patterns.
Scanning Efficiency Improvements
- PausableThreadPoolExecutor — New thread pool implementation that supports pause/resume without terminating threads, enabling graceful scan suspension and resource optimization.
- Configurable thread pools for active scanning, passive scanning, and smart scanning, each with independent concurrency control.
- Request throttling — Configurable per-request delay (in milliseconds) to control scan speed, avoid WAF detection, and reduce server load.
- Early filtering pipeline — URL extension, response code, and content-type checks are applied before making HTTP requests, drastically reducing unnecessary traffic.
- Duplicate avoidance — Tracks scanned issue/host combinations to prevent re-scanning the same issue on the same endpoint.
- Redirect loop protection — Maximum of 30 redirects per payload request to prevent infinite redirect chains.
- Scan timeout detection — Configurable timeout (default 60 minutes) that marks scans as Failed and releases resources automatically.
- Queue-based task management for efficient task scheduling and idle state detection.
- Atomic scan ID generation for thread-safe concurrent scan management.
- Passive scan exclusion list — Automatic filtering of static file extensions (jpg, gif, png, css, svg, etc.) to skip unnecessary passive analysis.
- Grep matching optimization — Separates AND/OR logic into grouped evaluation, enabling short-circuit on first OR match.
- Max concurrent scans with configurable limit and graceful 30-minute shutdown timeout.
License & Configuration
- LicenseSpring Integration — Professional license management with activation/deactivation, expiration tracking, and license status display.
- Persistent Settings — All configuration (threads, timeouts, proxy, scan preferences) persisted across Burp Suite sessions.
- Auto-load BurpBountyData — Fixed first-launch path detection for automatic profile loading.
Dashboard
- Dual-view Dashboard — Detailed per-request log tracking host, method, path, status, response time, rule/profile name, severity, and confidence. Summary view aggregates vulnerability counts (info, low, medium, high) by domain.
- Scanner Log — Real-time scan progress tracking with pause/resume/stop controls per scan instance.
UI Polish
- Streamlined Options Tab — Cleaner settings panel, simplified configuration.
- Updated About Page — New commercial description reflecting Burp Bounty Pro 3.0.0 capabilities.
- Improved Step Options Layout — Better UI layout for multi-step configuration.