Fuzzing web requests using the Intruder tab
Burp Intruder is a monster of automation, and it allows you to enumerate, fuzz, and harvest data from the target web application. In the old days, when I started using Burp, the first thing that I learned was to use the Intruder tool to brute-force login credentials. We will cover more examples in the upcoming chapters, but for this section, I want you to understand the basics of this tool:

Intruder attack types
One of the most confusing things for beginners is the set of attack types in the Intruder tool. I will do my best to explain them in a practical way, so they won't be an obstacle when you use this section:
- Sniper: This is the most popular one, and you can use it with only one payload. A practical example of this attack type is the one that we saw earlier, for fuzzing directory names. Another example would be to fuzz the query string value. Hackers fuzz the product number in the URL to see which products are on a discount before they...
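
Seen from the defender's side, a Sniper run against a query string value leaves a recognisable pattern in the web server log: one client, one path, and one parameter changing while the rest of the request stays fixed. The following is an added example, not code from the book; the log lines, IP addresses, threshold and the `find_single_position_fuzzing` name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

def _line(ip, target):
    # Build one constructed access-log line (combined log format, trimmed).
    return f'{ip} - - [10/May/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

# Constructed sample: one client walks id=100..105, another browses normally.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"/product?id={n}&lang=en") for n in range(100, 106)]
    + [
        _line("198.51.100.20", "/product?id=100&lang=en"),
        _line("198.51.100.20", "/product?id=101&lang=en"),
        _line("198.51.100.20", "/product?id=100&lang=fr"),
    ]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" \d{3}')

def find_single_position_fuzzing(log_text, min_values=5):
    """Return (client, path, parameter, distinct_values) for every parameter
    that one client varied at least min_values times while the rest of the
    query string stayed identical."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not request entries
        client, target = match.groups()
        url = urlsplit(target)
        params = parse_qsl(url.query, keep_blank_values=True)
        for i, (name, value) in enumerate(params):
            # Everything except the candidate position must stay constant.
            rest = tuple(p for j, p in enumerate(params) if j != i)
            seen[(client, url.path, name, rest)].add(value)
    return sorted(
        (client, path, name, len(values))
        for (client, path, name, _rest), values in seen.items()
        if len(values) >= min_values
    )

if __name__ == "__main__":
    for hit in find_single_position_fuzzing(SAMPLE_LOG):
        print("possible single-parameter fuzzing:", hit)
```

The `min_values` threshold is an assumption to tune per application; legitimate catalogue browsing also varies one parameter, so rate and time window are worth adding before alerting on this.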