**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
Attack Types of Intruder
To configure how payloads are assigned to payload positions, you need to select an attack type. Attack types allow you to determine the following:
- Whether payloads come from a single set or multiple sets (up to 20).
- Whether payloads are assigned to positions sequentially or all at once.
To choose an attack type, navigate to Intruder > Positions and use the drop-down menu under Choose an attack type.
Sniper
This attack sequentially inserts each payload into each payload position, utilizing a single payload set. The total number of requests generated is calculated by multiplying the number of positions by the number of payloads in the set. The Sniper attack is particularly effective for individually testing various request parameters for common vulnerabilities.
Battering Ram
This attack method inserts the same payload into all specified payload positions at the same time, using a single payload set. The total number of requests generated equals the number of payloads in the set. The Battering Ram attack is particularly useful when the same input needs to be placed in multiple locations within a request, such as a username in both a cookie and a body parameter.
Pitchfork
This attack method uses different payload sets for each defined position, simultaneously placing payloads into each position. For instance, the first three requests would be:
- Request one:
- Position 1 = First payload from Set 1.
- Position 2 = First payload from Set 2.
- Request two:
- Position 1 = Second payload from Set 1.
- Position 2 = Second payload from Set 2.
- Request three:
- Position 1 = Third payload from Set 1.
- Position 2 = Third payload from Set 2.
The total number of requests generated is determined by the number of payloads in the smallest payload set. The Pitchfork attack is particularly useful when different but related inputs need to be inserted into multiple places within a request, such as placing a username in one parameter and a corresponding ID number in another.
Cluster Bomb
This attack method cycles through different payload sets for each defined position, sequentially placing payloads from each set to test all possible combinations. For example, the first three requests will be:
- Request one:
- Position 1 = First payload from Set 1.
- Position 2 = First payload from Set 2.
- Request two:
- Position 1 = Second payload from Set 1.
- Position 2 = Second payload from Set 2.
- Request three:
- Position 1 = Third payload from Set 1.
- Position 2 = Third payload from Set 2.
The total requests generated are the product of the number of payloads in all defined sets, which can be very large. The Cluster Bomb attack is useful when you need to insert unrelated or unknown inputs into multiple positions within a request, such as when attempting to guess both a username and a password.
Working of a Sniper Attack
- Assume we have a login page and that we have to find the username of the web application.
- We entered the test username and password for the starters and captured the request in Burpsuite. If you want to know how to install Burpsuite and capture requests, then you can refer to burpsuite installation.
- After capturing the request, right-click and send the request to the Intruder.
- In Intruder, make sure the attack type is selected as Sniper.
Highlight the username and click on the Add button at the right to add it as a payload position.
- Go to the payloads section, select the payload type as Simple List, and paste your payloads list. Then click on Start attack.
- Once the attack is completed, we can see we found the username.
