7.5.011 (released August 20, 2024)

New Attack features and enhancements

• Added a new payload to the Information Disclosure module searching for the default naming of a CSRF Token in ASP.NET.
• Extended the JWT module to also look for JWTs in the Authorization Bearer token.
• Improved description for X-Frame-Options best practices findings to give better directions on how to mitigate the finding.
• Made improvements to FrontPage Attack Module to correct response analysis and fix an issue in vulnerability verification causing false positives.
• Made improvements to JWT Attack Module to correctly recognize server response 500 and not report a vulnerability.
• Made improvements to Resource Locator attack to fix validation scanning.

New Crawling/Scanning features and enhancements

• ALF traffic is now included in the traffic metadata log even if authentication fails. This should help troubleshooting auth errors.
• Improved how ALF maxRetry is handled within the R7Crawler and support arrays of ALF hooks.
• Improved the browser process tidy up to ensure memory is released when R7Crawler process has successfully terminated.

Additional Fixes

• Enhanced localStorage and sessionStorage handling with ALF and bootstrap login.
• Optional JavaScript macro events now executable.
• Template Login Macros now executable for JavaScript event types.