From the course: Burp Suite Essential Training

Introducing the Intruder

- [Instructor] Let's have a look at the Intruder capability in Burp Suite. For this, we'll use the DAB server, which can be accessed at the main Hack The Box lab, and we'll test the website on port 80. Okay, let's turn Intercept off, and open the browser, and browse to 10.10.10.86. Okay, we get a login screen. Let's try admin, admin and see if we're lucky. Apparently not. Okay, let's see if we can brute force this with Intruder. We'll go to the Site map, we'll select the POST message, and under Actions we'll Send to Intruder. Okay, we'll now select Intruder, Positions. We can see the user ID and password in the bottom of the message, and we can see all the input fields have section markers around them. We'll click Clear to get rid of the section markers, and highlight our password entry, and press Add section marker. We'll next select Payloads. We now have to get a list of values to try as passwords. We have the…
