v2025.9.1 Pagination

What's New:

• Pagination support DOM snapshot MCP tool to efficiently retrieve large data.
• Updated to latest FastMCP

Tip:

• Users can directly call the fetch_encryption_logic() function to retrieve the encryption logic without need of llm using curl command -> curl http://localhost:9011/fetch_encryption_logic -o /tmp/encr.json

Bug Fix:

• Removed non-existing MCP tool
• Fixed return type issues in MCP tool
• Fixed GET/POST method issue in MCP tool
• Fixed in-correct implementation of analyze_specific_function MCP tool

Checksum SHA256:

• BrowserBruter-v2025.9.1 : 3e5d5df3be55863bcb8af4127ebbd0e56e67b593d33ad2da3f5876d313b337bc

v2025.9 Improved Fetch Encryption Logic

What's New:

• Improved the fetch_encryption_logic() MCP tool to reduce retrieval of false positive results.

Tip:

• Users can directly call the fetch_encryption_logic() function to retrieve the encryption logic without need of llm using curl command -> curl http://localhost:9011/fetch_encryption_logic -o /tmp/encr.json

Bug Fix:

• Minor typo fix in default port number of MCP server.

Checksum SHA256:

• BrowserBruter-v2025.9.zip: 7df24e5d079421177408fdbd6ebafd4c8d4c8111b7bc5d22dbfedaaa2b2c82cb

V2025.8 The MCP Release

What's New?

• A fully fledged in built MCP Server to assist you in your web assessment like never before.
  - Automatically craft command to run Browser Bruter.
  - Analyze the whole web application using AI prompts.
  - Analyze the encryption logic and easily crack it using AI.
• UV Support -> Just Download and Run.
  - Added UV support to just download and run the BrowserBruter using uv with 0 manual dependency installation.

Bug Fixes:

• Fixed an exception in Sniper attack.

Checksum SHA256:

• BrowserBruter-v2025.8.zip - e2bb09d93ac9b4ecdfd9f92916d3e9184b981bcfb78605e2a6e5eeb415cd51a8

V2025.3 The Debug Kraken v0.1

Fuzzing via Debugging Module: Leverages the Chrome DevTools Protocol (CDP) to interact with web applications during runtime, even when paused at breakpoints.

New Switches under this module:

• --debug
• --debug-code

Dynamically identify elements using custom attribute identifier with '++' in --elements option.

Learn more about them here: https://net-square.com/fuzzing-the-un-fuzzable-using-debugging-and-browser-bruter.html

V2025.1 Browser Storage Update

Browser BruterV2025.1 🎉 The Manipulation of Browser Storage

Happy New Year! We're excited to unveil V2025.1, a milestone update for Browser Bruter with a special focus on browser storage manipulation and testing. This release brings powerful new tools to control and safeguard browser storage, empowering you to test web applications like never before.

Highlight: Browser Storage Capabilities

This update introduces advanced browser storage manipulation features, giving you granular control over local and session storage during fuzzing and testing workflows.

New Switches

• --add-storage key:value++key2:value2
  Seamlessly add local storage items to the browser in a key-value pair format. Use ++ to chain multiple pairs in a single command.
• --add-session-storage key:value++key2:value2
  Easily inject session storage key-value pairs for testing transient data and session-specific behaviors.
• --force-storage
  Lock down your local storage data! This switch ensures the values you set with --add-storage cannot be overridden by the web application.
• --force-session-storage
  Gain full control over session storage with this switch, preventing applications from altering your injected session storage data.

v2024.12

Bug Fix:

• Added support for python3.12
• Fixed missing modules not mentioned in requirements.txt file

New Feature:

• Added '--no-reload-page' switch to prevent Browser Bruter from navigating back to "--target" URL after each fuzzing iteration.

v2024.10.17 HACKTOBER UPDATE

Hacktober is here, and so is a new update!

In the spirit of Hacktober, we are excited to announce a brand-new update for Browser Bruter! After extensive testing, we've squashed numerous bugs and added exciting new features to make Browser Bruter better than ever.

Bug Fixes:

• Docker Console Output: Previously, the Docker container would fail to display output after running the script once, forcing users to restart the container. This issue has been resolved, and now the console output functions as expected.
• --fill-values Option: This option wasn't working in earlier versions, but it's now fixed.
• Battering Ram Attack Mode: The report previously displayed only a single element being fuzzed, but now all elements are shown correctly.
• Report Explorer URL Display: In the Request tab, the entire URL (including the domain) was being displayed. Now, only the path after the method name is shown for clarity.
• Argument Validation: If users supplied --elements and --element-payloads (or --payloads and --element-payloads) together, they used to encounter a stack trace. Now, a clear help message is displayed instead.
• Attack Mode Option Check: Previously, selecting attack modes 1 or 2 without using the --elements and --payloads options caused crashes. Similarly, modes 3 or 4 required --elements-payloads but did not enforce the check. These validations are now in place, making error messages user-friendly and avoiding crashes.

New Features:

• Advanced Search in Report Explorer: The new search functionality enhances your ability to explore reports efficiently. Check it out here: Report Explorer Advanced Search
• UI Tweaks: We've added scroll bars in the Request/Response tabs, and attack mode names are now visible in the GUI.
• Enhanced Error Handling: Instead of crashing when a server is slow or an element/browser isn’t found, Browser Bruter now prompts you to retry the attack, preventing unwanted interruptions.
• Improved Code Quality: The tee class has been removed, leading to cleaner and more efficient code.
• Pause Menu Enhancements: You can now toggle verbosity on or off through the pause menu, even if you didn’t use the --verbose switch. More info: Pause & Resume Attacks

New Options:

• --chrome-driver and --chrome-binary: These options allow users to provide their own Chrome browser binary and driver. Learn more: New Browser Options
• --pause-on-popup: This option pauses Browser Bruter when a popup occurs on the webpage, giving you time to manually handle the popup and analyze attacks like cross-site scripting in real-time. Details here: Handling Popups

v2024.10 ReportExplorer Special

Special update focusing on ReportExplorer

Change Note:

• Added option to change fonts size
• Added option to view raw HTTP request and response in Base64 format
• Data now loads faster and overall speed of Report Explorer is increased
• BUG FIX: Previously, while using arrow keys, the data displayed in the HTTP request/response section was mismatched with the selected row. This has been fixed in the new update

v2024.9

Major update bundled with most awaited features.

Change Note:

• Enhanced and more Advanced Python Scripting Engine 2
• Brand new Automatic Navigation Handler
• Docker Support Added
• Graphical User Interface Support
• Bug Fixes

v2024.5.1

Change Log - 2024.5.1
- Bug Fix: Tool was not able to decompress gzip compressed traffic.