Welcome to the next tutorial, this time on Burp Suite Intruder attacks. The Intruder tab automates sending many modified versions of a request to the target server and collecting the responses, which is what you need for fuzzing parameters, enumerating identifiers and brute-forcing logins. In this tutorial we dive deep into the Intruder tab. Let's get started!
Configuring Burp Intruder attacks
The first step in a Burp Intruder attack is to send an HTTP request to Intruder. You can do this from any other tab such as Proxy, Repeater, or Scanner by right-clicking the request and choosing Send to Intruder (Ctrl+I). The request opens in a new attack sub-tab, with its original values as the base request.
Positions tab
The first configuration tab is the Positions tab. Here you can define the locations in the base HTTP request where you want to insert payloads and the attack type.
Payload positions
To define a payload position, select the part of the request with the mouse and click the Add § button; Intruder wraps the selection in a pair of § markers, and the text between them becomes that position's base value. Auto § lets Burp guess positions from the request's parameters and cookies, and the Clear button removes all payload positions.
Here, we have selected the lesson_id POST parameter as the payload position.
Attack type
The attack type decides how payloads are placed into the defined positions, and with it how many requests the attack sends. The types of attack are as follows:
- Sniper (default) - Uses a single payload set. Each payload is placed into one position at a time while the other positions keep their base value, so the attack sends (positions × payloads) requests. This is the type for fuzzing each parameter on its own.
- Battering ram - Uses a single payload set and places the same payload into all defined positions at once, sending one request per payload. Use it when the same value has to appear in several places, such as a username that is repeated in the body and in a header.
- Pitchfork - Uses one payload set per position and advances through them in lock step: the first payload from each set goes in together, then the second from each, and so on. The attack stops when the shortest set runs out, so it suits paired data such as username/password pairs from a credential leak.
- Cluster bomb - Uses one payload set per position and tries every combination, so the number of requests is the product of the set sizes. This is the type for brute-forcing a login with independent username and password lists, and the request count grows quickly.
Let's go with the default attack type this time!
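To make the four attack types concrete, here is an added example that re-implements how each one combines payload sets with § positions. It is not code from the tutorial or from Burp Suite; the base request, the extra user parameter and the payload values are constructed for illustration.

```python
# Added example, not code from the tutorial or from Burp Suite itself: a
# re-implementation of how the four Intruder attack types combine payload
# sets with § payload positions. The base request, the user parameter and
# the payload values are constructed for illustration.
import itertools

# Constructed base request with two payload positions, marked the way
# Intruder shows them (the base value sits between a pair of § markers).
BASE_REQUEST = (
    "POST /lesson HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "lesson_id=§1§&user=§alice§"
)


def split_positions(template):
    """Split a template into literal text and the base value of each § position.

    Returns (literals, bases) where len(literals) == len(bases) + 1, so the
    request is literals[0] + value0 + literals[1] + value1 + ... + literals[-1].
    """
    parts = template.split("§")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced § markers in template")
    return parts[0::2], parts[1::2]


def render(literals, values):
    """Rebuild the request text with the given value in each position."""
    out = [literals[0]]
    for value, literal in zip(values, literals[1:]):
        out.append(value)
        out.append(literal)
    return "".join(out)


def sniper(template, payloads):
    """One payload set; each payload goes into one position at a time while the
    other positions keep their base value. Requests sent: positions * payloads."""
    literals, bases = split_positions(template)
    for i in range(len(bases)):
        for payload in payloads:
            values = list(bases)
            values[i] = payload
            yield render(literals, values)


def battering_ram(template, payloads):
    """One payload set; the same payload in every position. Requests: payloads."""
    literals, bases = split_positions(template)
    for payload in payloads:
        yield render(literals, [payload] * len(bases))


def _check_sets(bases, payload_sets):
    if len(payload_sets) != len(bases):
        raise ValueError(f"need {len(bases)} payload sets, got {len(payload_sets)}")


def pitchfork(template, payload_sets):
    """One set per position, advanced in lock step: first of each set together,
    then second of each, and so on. Requests: length of the shortest set."""
    literals, bases = split_positions(template)
    _check_sets(bases, payload_sets)
    for values in zip(*payload_sets):
        yield render(literals, list(values))


def cluster_bomb(template, payload_sets):
    """One set per position, every combination. Requests: product of set sizes.
    Like Burp, the first position's set changes fastest, so the sets are
    reversed before taking the product and each tuple is reversed back."""
    literals, bases = split_positions(template)
    _check_sets(bases, payload_sets)
    for values in itertools.product(*reversed(payload_sets)):
        yield render(literals, list(reversed(values)))


def request_count(attack, template, *args):
    """Number of requests an attack would send, counted without keeping them."""
    return sum(1 for _ in attack(template, *args))


if __name__ == "__main__":
    ids = ["1", "2", "3"]
    users = ["alice", "bob"]
    print("sniper:       ", request_count(sniper, BASE_REQUEST, ids))
    print("battering ram:", request_count(battering_ram, BASE_REQUEST, ids))
    print("pitchfork:    ", request_count(pitchfork, BASE_REQUEST, [ids, users]))
    print("cluster bomb: ", request_count(cluster_bomb, BASE_REQUEST, [ids, users]))
    for req in cluster_bomb(BASE_REQUEST, [ids, users]):
        print(req.rsplit("\r\n", 1)[1])
```

Run it and compare the counts: with three IDs and two users, Sniper sends 6 requests, Battering ram 3, Pitchfork 2 and Cluster bomb 6. Before launching a real Cluster bomb, do the same multiplication on your own lists; a 1,000-entry username list against a 10,000-entry password list is ten million requests.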
Payload type
The next configuration tab is the Payloads tab. Here you choose the payload set to configure (Sniper and Battering ram use one set; Pitchfork and Cluster bomb have one set per position) and the payload type for that set. There are many payload types; the most used are as follows:
- Simple list (default) - A list of predefined values used as payloads. You can enter them manually, paste from the clipboard or load them from a file, which is how you use an external wordlist.
- Numbers - Specify the start and end values, the step, and padding options such as the minimum number of digits; the numbers can be generated sequentially or at random.
- Dates - Specify the start and end dates, the step, and the date format.
- Brute forcer - Specify the character set and the minimum and maximum length; Intruder generates every permutation. The count is the character set size raised to the length, so a few characters of lowercase letters and digits already mean millions of requests.
- Character substitution - Takes a list of words and generates variants by substituting characters according to rules you define (for example a → 4, e → 3), the usual "leet" password variations.
- Bit flipper - Takes the base value of the position and flips one or more of its bits, which is useful for checking whether a token or encrypted cookie is integrity-protected.
- Null payload - Generates empty strings, so the base request is sent unchanged a chosen number of times; useful for harvesting session tokens or checking whether responses vary.
Let's use the Numbers payload type first, since lesson_id expects a numeric value.
Payload processing
Still on the Payloads tab, the Payload processing section lets you add rules that transform each payload before it is inserted into the request. The rules are applied in order, and include:
- Encode/decode - Encode or decode each payload using URL encoding, HTML encoding, Base64, ASCII hex and similar schemes.
- Add prefix/suffix - Add a literal string before or after each payload.
- Match/replace - Replace the part of each payload that matches a regular expression with another value.
- Add raw payload - Append or prepend the unprocessed payload to the processed one, for instance to send a value together with its encoded form.
- Skip if matches - Drop any payload that matches a specified regular expression.
You can add multiple rules and reorder them as needed, and the order matters: URL-encoding a payload and then adding a prefix gives a different result from adding the prefix first. Below the rules, the Payload encoding section controls which characters are URL-encoded so the payload does not break the request; it is applied after the processing rules.
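As an added example covering both the payload types above and the processing rules, the following script generates Numbers and Brute forcer payloads and pushes each one through an ordered rule chain the way Intruder does. It is not the tutorial's or Burp's code: the rule helper names, the encoders and the sample values are constructed for illustration, and Burp configures its real rules in the GUI.

```python
# Added example, not code from the tutorial or from Burp Suite: how the
# Numbers and Brute forcer payload types generate payloads, and how a chain
# of Payload processing rules transforms each one before it is inserted.
# The rule helpers and the sample payload values are constructed for
# illustration; Burp's real rules are configured in the GUI, not in code.
import base64
import itertools
import re
import urllib.parse


def numbers(start, stop, step=1, min_digits=0):
    """Numbers payload type, sequential mode: start to stop inclusive, in
    steps of step, zero-padded to min_digits (Burp's 'Min integer digits')."""
    if step == 0:
        raise ValueError("step must be non-zero")
    n = start
    while (n <= stop) if step > 0 else (n >= stop):
        yield str(n).zfill(min_digits)
        n += step


def brute_forcer(charset, min_len, max_len):
    """Brute forcer payload type: every string over charset whose length is in
    [min_len, max_len]. The count is the sum of len(charset) ** length, so
    check it with brute_forcer_size() before launching anything."""
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def brute_forcer_size(charset, min_len, max_len):
    """Number of payloads brute_forcer() would produce."""
    return sum(len(charset) ** length for length in range(min_len, max_len + 1))


# Processing rules. Each rule is a function from payload to payload; returning
# None drops the payload, which is how 'Skip if matches' is modelled here.
def add_prefix(prefix):
    return lambda p: prefix + p


def add_suffix(suffix):
    return lambda p: p + suffix


def match_replace(pattern, replacement):
    return lambda p: re.sub(pattern, replacement, p)


def skip_if_matches(pattern):
    return lambda p: None if re.search(pattern, p) else p


ENCODERS = {
    "url": lambda p: urllib.parse.quote(p, safe=""),           # every character
    "base64": lambda p: base64.b64encode(p.encode()).decode(),
    "hex": lambda p: p.encode().hex(),                          # ASCII hex
}


def encode(kind):
    """Encode rule; kind is one of the ENCODERS keys."""
    return ENCODERS[kind]


def process(payloads, rules):
    """Apply the rules in order to every payload. Order matters: URL-encoding
    and then adding a prefix gives a different result from the reverse."""
    processed = []
    for payload in payloads:
        for rule in rules:
            payload = rule(payload)
            if payload is None:
                break
        else:
            processed.append(payload)
    return processed


if __name__ == "__main__":
    # lesson_id 1..10 padded to three digits, wrapped in a JSON body and Base64-encoded
    print(process(numbers(1, 10, min_digits=3),
                  [add_prefix('{"id":"'), add_suffix('"}'), encode("base64")]))
    print(brute_forcer_size("abcdefghijklmnopqrstuvwxyz0123456789", 1, 4))
    print(list(brute_forcer("ab", 1, 2)))
```

The brute_forcer_size() call is the check to run before choosing the Brute forcer type: lowercase letters plus digits at lengths 1 to 4 is already over 1.7 million payloads, and each one is a request.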
Resource pool
The Resource pool tab controls how fast the attack runs: the maximum number of concurrent requests and the delay between requests (fixed, with random variation, or increasing). Choose a slower pool for fragile targets or rate-limited endpoints, and note that Burp Suite Community Edition throttles Intruder heavily, so large attacks take much longer there than in Professional.
Attack settings
The last configuration tab, Settings, covers everything else: whether to update the Content-Length and Host headers for each request, error handling (the number of retries on network failure and the pause before retrying), which requests and responses to store in the results, Grep - Match to flag responses containing a string or regular expression, Grep - Extract to pull a value out of each response into its own column, Grep - Payloads to detect payloads reflected in responses, how to follow redirections, and saving the attack.
Burp Intruder Attack tabs
Once you have configured your Burp Intruder attack, start it by clicking the Start attack button. This opens a new window that shows the progress and results of the attack, and you can pause, resume, or stop it at any time with the buttons at the top of the window. Each attack opens in a new tab in Intruder, and Ctrl+Tab and Ctrl+Shift+Tab switch between the tabs in Intruder.
Viewing and analyzing Burp Intruder attack results
The main part of the Burp Intruder attack window is the results table, with one row per request sent during the attack. Selecting a row shows the request and response below it, and you can sort, filter, search, and export the results as needed.
Each column carries one piece of information about the request: its number, the payload (and, for Sniper, the position) used, the HTTP status, the response length, timing, error and timeout flags, and any Grep - Match or Grep - Extract columns you configured. Sorting by Status or Length is usually the fastest way to spot the few responses that differ from the rest, which is what you are looking for when enumerating IDs or guessing credentials.
You can also customize these columns and show or hide them for better visibility. From the Save menu you can save the whole attack, the results table, or the server responses.
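The kind of triage the results table supports can be scripted over an exported results table; the following is an added example, not the tutorial's or Burp's code, that runs the same checks (status counts, length outliers, Grep - Match and Grep - Extract) over a constructed result set so it works offline. The rows, the lesson page markup and the error string are made up for illustration.

```python
# Added example, not code from the tutorial or from Burp Suite: the triage
# that Intruder's results table and its Grep settings perform, run over a
# constructed set of attack results so it works offline. The rows, the
# lesson page markup and the error string are made up for illustration.
import re
from collections import Counter

# Constructed results, one tuple per request:
# (payload, HTTP status, response length, response body excerpt)
RESULTS = [
    ("1", 200, 1543, "<h1>Lesson 1</h1><p>Intro</p>"),
    ("2", 200, 1543, "<h1>Lesson 2</h1><p>Intro</p>"),
    ("3", 200, 1543, "<h1>Lesson 3</h1><p>Intro</p>"),
    ("4", 200, 2210, "<h1>Lesson 4</h1><p>Unpublished draft</p>"),
    ("5", 404, 512, "<h1>Not found</h1>"),
    ("6", 200, 1543, "<h1>Lesson 6</h1><p>Intro</p>"),
    ("7", 500, 890, "java.sql.SQLException: syntax error near '7'"),
]

COLUMNS = {"payload": 0, "status": 1, "length": 2}


def sort_results(results, column="length", reverse=True):
    """Sort like clicking a column header; sorting by status or length is
    usually the quickest way to find the responses that differ."""
    return sorted(results, key=lambda r: r[COLUMNS[column]], reverse=reverse)


def status_summary(results):
    """Count of responses per HTTP status code."""
    return dict(Counter(r[1] for r in results))


def grep_match(results, pattern):
    """Grep - Match: payloads whose response matches the expression, e.g. an
    error string that hints at injection or a 'Welcome' marker after a login."""
    rx = re.compile(pattern)
    return [r[0] for r in results if rx.search(r[3])]


def grep_extract(results, pattern):
    """Grep - Extract: the first capture group of each matching response,
    which Intruder would show as an extra column."""
    rx = re.compile(pattern)
    extracted = {}
    for payload, _status, _length, body in results:
        m = rx.search(body)
        if m:
            extracted[payload] = m.group(1)
    return extracted


def length_outliers(results, status=200):
    """Payloads whose response has the given status but a length different
    from the most common length for that status: the usual sign that an
    enumerated ID hit something the others did not."""
    lengths = Counter(r[2] for r in results if r[1] == status)
    if not lengths:
        return []
    baseline = lengths.most_common(1)[0][0]
    return [r[0] for r in results if r[1] == status and r[2] != baseline]


if __name__ == "__main__":
    print("status counts:", status_summary(RESULTS))
    print("length outliers:", length_outliers(RESULTS))
    print("error responses:", grep_match(RESULTS, r"Exception|error"))
    print("titles:", grep_extract(RESULTS, r"<h1>(.*?)</h1>"))
    for payload, status, length, _ in sort_results(RESULTS, "length"):
        print(f"{payload:>3} {status} {length}")
```

In this constructed run, lesson_id 4 stands out by length (a draft page the other IDs do not show), 5 by status (missing) and 7 by a 500 with a database error in the body; those three rows are the ones to open in Repeater, which is exactly what sorting by Length and Status and a Grep - Match on "Exception" would surface in the real results table.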
Overall, you have learned how to use the Burp Suite Intruder tab to automate attacks such as parameter fuzzing, ID enumeration and credential brute-forcing against web applications, and how to read the results table to find the responses that matter.