Burp intruder offers a payload type called Recursive Grep that “lets you extract each payload from the response to the previous request in the attack” 1. We can use this functionality to extract the CSRF token from the HTML source, and replay in the next request, allowing us to launch automated fuzzing attempts. Go to Intruder tab; Leave Target tab with its default setting; Click on Positions tab. 1.Click on clear for clearing all the input fields. 2. Broadband speed checker ofcom. Select parameter you want to intrude. 3.Click on add for selecting the parameter. 4.And leave the attack type to be Sniper as we only have one parameter for intruding. Now move to next tab i.e, Payloads.
- Target - This is used to configure the details of the target server for the attack.
- Positions - This is used to configure the request template for the attack, together with payload positions, and the attack type (this determines the way in which payloads are assigned to payload positions).
- Payloads - This is used to configure one or more sets of payloads, which will be placed into payload positions during the attack.
- Options - This is used to configure numerous other options affecting the attack.
Burp Suite Basics
- Host - Here we have to enter the IP address or hostname of the target server.
- Port - Here we have to enter the port number of the HTTP or HTTPS service.
- Use HTTPS - We need to choose whether the target is using HTTPS or not.
Burp Suite Intruder Attack Types Pictures
- Add § - This will select the selected text as a payload position in the request template.
- Clear § - This removes all payload positions from the request template.
- Auto § - This makes a guess as to where it might be useful to position payloads and places payload position accordingly.
- Refresh - This will refresh the syntax colorizing of the request template editor, if necessary.
- Clear - This deletes the entire request template.
- Sniper - The sniper attack uses only one payload set, and it replaces only one position at a time. It loops through the payload set, first replacing only the first marked position with the payload and leaving all other positions to their original value. After it's done with the first position, it continues with the second position.
- Battering ram - The battering ram attack type places the same payload value in all positions. It uses only one payload set. It loops through the payload set and replaces all positions with the payload value.
- Pitchfork - The pitchfork attack-type uses one payload set for each position. It places the first payload in the first position, the second payload in the second position, and so on.
- Cluster bomb - The cluster bomb attack tries all different combinations of payloads. It still puts the first payload in the first position and the second payload in the second position. But when it loops through the payload sets, it tries all combinations.
Burp Suite Intruder Attack Types Youtube
- Payload Sets - Here we can define one or more payload sets. The number of payload sets depends on the attack type defined in the Position tab. Various payload types are available for each payload set, and each payload type can be customized in different ways.
- Payload Options - This payload type lets you configure a simple list of strings that are used as payloads.
- Payload Processing - You can define rules to perform various processing tasks on each payload before it ti used.
- Payload Encoding - This setting can be used to URL-encode selected characters within the final payload, for safe transmission within the HTTP request.
Burp Suite Modes
- Request Headers - These settings control whether Intruder updates the configured request headers during attacks.
- Request Engine - These settings control the engine used for making HTTP requests when performing attacks.
- Attack results - These settings control what information is captured in attack results.
- Grep - Match - These settings can be used to flag result items containing specific expressions.
- Grep - Extract - These settings can be used to extract useful information from responses to the attack results table.
- Grep - Payloads - These settings can be used to flag result items containing reflections of the submitted payload.
- Redirections - These settings control how Burp handles redirections when performing attacks.