Burp Intruder is a powerful tool included in the Burp Suite, a widely-used web vulnerability scanner and penetration testing tool. It allows security professionals to automate various types of attacks against a web application. One of its most essential features is the ability to perform attacks in different modes, each tailored for specific purposes. In this blog post, we’ll explore the various attack modes in Burp Intruder and how they can be utilized effectively.
We will be going through all the 4 attack types with examples. We will be using a simple wordlist for explaining the things in a simple way.
Let’s use this simple wordlist for our next steps:
Usernames:
- Username1
- Username2
- Username3
- Username4
Passwords:
- Password1
- Password2
- Password3
- Password4
Attack type:
Sniper:
This is a type where we can send only payload at a specific position. We can use this in the cases where we know the other things and only one field is to be brute-forced. Ex: we know the username and we have to brute force the password. Let’s suppose our user is ‘Username1’
Then the underlying combination will look like this, (from the above list)
Username: password
Username1:Password1
Username1:Password2
Username1:Password3
Username1:Password4
>> (Learn More) "Automated Pen Testing Significantly Improved The Depth & Breadth Of Testing" - Ed Adams, Security Innovation
Battering Ram:
This is a type where we can send only one payload at all the positions. We can use this for the cases where the usernames and passwords are the same. Let’s suppose we have selected 2 fields: username and password. Also we have supplied the list Usernames(from above wordlist).
Then the underlying combination will look like this:
Username: password
Username1:Username1
Username2:Username2
Username3:Username3
Username4:Username4
Pitch Fork:
This is the mode where we can specify different wordlists for different positions. Let’s suppose we have selected 2 fields: username and password. Also we have supplied the list Usernames and passwords(from above wordlist).
Then the underlying combination will look like this,
Username: password
Username1:Password1
Username2:Password2
Username3:Password3
Username4:Password4
>> Find Critical Risks in 72 Hours & Continuous Risk Hunting (Request Demo)
Cluster Bomb:
This will use an iterative approach. Let’s suppose we have selected 2 fields: username and password. Also we have supplied the list Usernames and passwords(from above wordlist).
Then the underlying combination will look like this,
Username: password
Username1:Password1
Username1:Password2
Username1:Password3
Username1::Password4
Username2:Password1
Username2:Password2
Username2:Password3
Username2:Password4
Username3:Password1
Username3:Password2
Username3:Password3
Username3:Password4
Username4:Password1
Username4:Password2
Username4:Password3
Username4:Password4
>> Discover & Test your Ransomware Attack Surface
Conclusion:
Understanding the different attack modes in Burp Intruder is crucial for efficiently testing web applications for vulnerabilities. By selecting the right attack mode based on your testing scenario, you can maximize the effectiveness of your security assessments.
By: FireCompass Delivery Team – Ramkrishna Mishra
About FireCompass:
FireCompass is a SaaS platform for Continuous Automated Pen Testing, Red Teaming and External Attack Surface Management (EASM). FireCompass continuously indexes and monitors the deep, dark and surface webs using nation-state grade reconnaissance techniques. The platform automatically discovers an organization’s digital attack surface and launches multi-stage safe attacks, mimicking a real attacker, to help identify breach and attack paths that are otherwise missed out by conventional tools.
Feel free to get in touch with us to get a better view of your attack surface.