**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
Burp Intruder is a robust tool designed for executing highly customizable, automated attacks on websites. It allows you to set up attacks that repeatedly send the same request, each time inserting different payloads into specified positions.
When you send an HTTP request to Burp Intruder, it opens in a new attack tab. There you place payload markers at chosen positions within the request, and Intruder dispatches each resulting variation of the request to the target server.
Payload Positions Field
You can define payload positions within the Payload positions field under Intruder > Positions. When a request is sent to Intruder, this field is automatically filled with the request and target details, including:
- URL query string parameters
- Body parameters
- Cookies
- Multipart parameter attributes, such as filenames in file uploads
- XML data and element attributes
- JSON parameters
Target Field
Alongside the payload positions, Burp Intruder lets you set the target field, which specifies where the attack requests are sent. It contains:
- Protocol: HTTP or HTTPS
- Host: IP address or hostname of the target server
- Port: Port number of the HTTP/S service
By default, the “Update Host header to match target” option is selected, so any change to the target is also reflected in the Host header of the base request. Deselect this option to change only the target, which lets you send a custom Host header to a fixed target.
Configuring Payload Positions
Each payload position is marked by a pair of § symbols and highlighted for easy identification. You can easily set a single payload position by selecting the desired value in any Burp message editor, right-clicking, and selecting “Send to Intruder.”
To set or modify multiple payload positions, use the buttons next to the Payload positions field in the Intruder > Positions tab:
- Add a single payload marker: Click “Add §.”
- Add a pair of markers: Select text and click “Add §” to place markers around the selected text.
- Remove all payload markers: Click “Clear §.” If text is selected, markers are removed only from that area.
- Apply automatic payload markers: Click “Auto §.” Burp will insert automatic payload positions, which can be configured to replace or append to the base parameter value in the Settings dialog. If text is selected, automatic markers are placed within that area. For example, you can highlight XML or JSON data within a multipart parameter and click “Auto §” to position payloads.
- Refresh syntax colorizing: Click “Refresh” to reset to default colorizing.
- Clear the request template: Click “Clear.”
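As an added illustration (not Burp's own code and not from the original article), the script below shows in Python what the § markers described above mean. `auto_mark` mimics the “Auto §” button for query-string, cookie, urlencoded-form and JSON values in either replace or append mode, and `render` / `one_at_a_time` expand a marked template into the individual requests that Intruder would send, varying one position at a time while the others keep their base value (one of several ways Intruder can combine payloads with positions; the article does not cover attack types). The request texts are constructed sample data, the JSON handling is a simplified regex scanner rather than a full parser, and nothing is sent over the network.

```python
import re

MARKER = "\u00a7"  # section sign: the character Burp Intruder uses to delimit a payload position


def mark(value, mode="replace"):
    """Wrap a base value in markers. "replace" makes the value itself the position;
    "append" leaves the value untouched and adds an empty position after it."""
    if mode == "append":
        return value + MARKER + MARKER
    return MARKER + value + MARKER


def _mark_pairs(text, mode, sep):
    """Mark the value of every key=value pair (query string, urlencoded body, cookie list)."""
    out = []
    for part in text.split(sep):
        key, eq, val = part.partition("=")
        out.append(key + eq + mark(val, mode) if eq else part)
    return sep.join(out)


# Simplified JSON value scanner: strings, numbers and true/false/null that follow a colon.
_JSON_VALUE = re.compile(r'(:\s*)("(?:[^"\\]|\\.)*"|-?\d+(?:\.\d+)?|true|false|null)')


def _mark_json(body, mode):
    def repl(m):
        val = m.group(2)
        if val.startswith('"'):  # keep the quotes outside the position
            return m.group(1) + '"' + mark(val[1:-1], mode) + '"'
        return m.group(1) + mark(val, mode)
    return _JSON_VALUE.sub(repl, body)


def auto_mark(request, mode="replace"):
    """Insert automatic payload markers into a raw HTTP request (text with CRLF line endings)."""
    head, sep, body = request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    path, qmark, query = target.partition("?")
    if qmark:
        target = path + "?" + _mark_pairs(query, mode, "&")
    lines[0] = " ".join((method, target, version))
    ctype = ""
    for i, line in enumerate(lines[1:], 1):
        name, _, val = line.partition(": ")
        if name.lower() == "cookie":
            lines[i] = name + ": " + _mark_pairs(val, mode, "; ")
        elif name.lower() == "content-type":
            ctype = val.lower()
    if body and ctype.startswith("application/json"):
        body = _mark_json(body, mode)
    elif body and ctype.startswith("application/x-www-form-urlencoded"):
        body = _mark_pairs(body, mode, "&")
    return "\r\n".join(lines) + sep + body


def positions(template):
    """Return (start, end) of the base value inside each marker pair; reject unbalanced markers."""
    idx = [m.start() for m in re.finditer(MARKER, template)]
    if len(idx) % 2:
        raise ValueError("unbalanced payload markers")
    return [(idx[i] + 1, idx[i + 1]) for i in range(0, len(idx), 2)]


def render(template, values):
    """Produce one concrete request: values[i] replaces position i, None keeps the base value."""
    pos = positions(template)
    if len(values) != len(pos):
        raise ValueError("one value per payload position is required")
    out, cursor = [], 0
    for (start, end), val in zip(pos, values):
        out.append(template[cursor:start - 1])                 # text before the opening marker
        out.append(template[start:end] if val is None else val)
        cursor = end + 1                                        # skip the closing marker
    out.append(template[cursor:])
    return "".join(out)


def one_at_a_time(template, payloads):
    """Expand a template into every request in which a single position carries a payload
    and all other positions keep their base value."""
    n = len(positions(template))
    return [render(template, [p if j == i else None for j in range(n)])
            for i in range(n) for p in payloads]


# Constructed sample requests (not real traffic).
GET_REQ = ("GET /search?q=shoes&page=2 HTTP/1.1\r\n"
           "Host: example.test\r\n"
           "Cookie: session=abc123; theme=dark\r\n\r\n")
JSON_REQ = ("POST /api/login HTTP/1.1\r\n"
            "Host: example.test\r\n"
            "Content-Type: application/json\r\n\r\n"
            '{"user": "alice", "remember": true, "attempts": 3}')

if __name__ == "__main__":
    marked = auto_mark(GET_REQ)
    print(marked)
    for variant in one_at_a_time(marked, ["test1", "test2"]):
        print(variant.splitlines()[0])
```

Running the script prints the marked GET request (four positions: two query values and two cookie values) followed by the request line of each of the eight variants. The `positions` check for unbalanced markers mirrors the reason Intruder highlights each pair: a stray § would silently shift every later position.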