Changelog

Full release history for Burp Bounty Pro.

v3.0.0

Latest (March 2026)
Major New Features
  • Multi-step Scanning — Profiles now support multiple steps, enabling complex attack chains and multi-stage vulnerability testing. Each step can define its own payloads, match rules, and detection logic. Includes cookie reuse across steps for authenticated workflows, per-step request/response viewing in scan results, and path discovery per step.
  • Global Variables System — New user-managed variable system from the Options tab. Define and customize variables like {EMAIL}, {BC}, {RANDOM}, {CURRENT_URL}, {CURRENT_HOST}, {CURRENT_PORT}, {CURRENT_COOKIES}, {CURRENT_USER_AGENT}, {CURRENT_REFERER}, and more. Custom variables are dynamically replaced in payloads, greps, and raw requests.
  • Time-based Detection Engine — New time delay matching logic for detecting timing-based vulnerabilities (e.g., sleep-based SQL injection, blind command injection). Supports three comparison modes: "Between", "Greater than", and "Less than", with configurable thresholds in seconds. Fully integrated into multi-step scanning workflows.
  • URL Filtering for All Scan Types — FilterURLs popup now appears before Active, Passive, and Smart scanning, giving full control over scope, domains, and file extensions before launching scans.
New UI Features
  • Non-modal Dialogs — All profile, rule, and tag editors are now non-blocking. Edit profiles while interacting with Burp Suite, compare multiple profiles side by side, or review scan results while configuring new profiles.
  • Profile & Rule Duplication — New "Duplicate" button on all profile tabs (Active, Passive Request, Passive Response) and Rules. Creates copies with automatic naming (Name Copy, Name Copy1, Name Copy2...).
  • Double-click to Edit — Double-click any profile or rule row to open the editor directly, without needing the Edit button.
  • Payload & Grep Markers — Highlighted in red for better visibility when editing profiles.
  • Improved Grep Table — Increased height for better readability of match patterns.
Scanning Efficiency Improvements
  • PausableThreadPoolExecutor — New thread pool implementation that supports pause/resume without terminating threads, enabling graceful scan suspension and resource optimization.
  • Configurable thread pools for active scanning, passive scanning, and smart scanning, each with independent concurrency control.
  • Request throttling — Configurable per-request delay (in milliseconds) to control scan speed, avoid WAF detection, and reduce server load.
  • Early filtering pipeline — URL extension, response code, and content-type checks are applied before making HTTP requests, drastically reducing unnecessary traffic.
  • Duplicate avoidance — Tracks scanned issue/host combinations to prevent re-scanning the same issue on the same endpoint.
  • Redirect loop protection — Maximum of 30 redirects per payload request to prevent infinite redirect chains.
  • Scan timeout detection — Configurable timeout (default 60 minutes) that marks scans as Failed and releases resources automatically.
  • Queue-based task management for efficient task scheduling and idle state detection.
  • Atomic scan ID generation for thread-safe concurrent scan management.
  • Passive scan exclusion list — Automatic filtering of static file extensions (jpg, gif, png, css, svg, etc.) to skip unnecessary passive analysis.
  • Grep matching optimization — Separates AND/OR logic into grouped evaluation, enabling short-circuit on first OR match.
  • Max concurrent scans with configurable limit and graceful 30-minute shutdown timeout.
License & Configuration
  • LicenseSpring Integration — Professional license management with activation/deactivation, expiration tracking, and license status display.
  • Persistent Settings — All configuration (threads, timeouts, proxy, scan preferences) persisted across Burp Suite sessions.
  • Auto-load BurpBountyData — Fixed first-launch path detection for automatic profile loading.
Dashboard
  • Dual-view Dashboard — Detailed per-request log tracking host, method, path, status, response time, rule/profile name, severity, and confidence. Summary view aggregates vulnerability counts (info, low, medium, high) by domain.
  • Scanner Log — Real-time scan progress tracking with pause/resume/stop controls per scan instance.
UI Polish
  • Streamlined Options Tab — Cleaner settings panel, simplified configuration.
  • Updated About Page — New commercial description reflecting Burp Bounty Pro 3.0.0 capabilities.
  • Improved Step Options Layout — Better UI layout for multi-step configuration.