Burp Intruder is a tool for automating attacks against web-enabled applications. It is not a point-and-click tool: using Burp Intruder effectively requires detailed knowledge of the target application and an understanding of HTTP.
Burp Intruder is highly configurable and can be used to automate a wide range of attacks against applications, including testing for common web application vulnerabilities such as SQL injection, cross-site scripting, buffer overflows and directory traversal; brute force attacks against authentication schemes; enumeration; parameter manipulation; trawling for hidden content and functionality; session token sequencing and session hijacking; data mining; concurrency attacks; and application-layer denial-of-service attacks.
Key features include:
- Highly configurable algorithms for generating malicious HTTP requests.
- Large number of built-in attack “payloads”.
- Tools for generating customised attack vectors, based on character sequences, substitution, malformed encoding, brute forcing, enumerated tokens, etc.
- Full integration with other Burp Suite tools.
- Customisable tests for anomalous or interesting server responses.
- Detailed capture of results.
- Ability to follow 3xx redirects during an attack.
- IDS evasion and DoS mode.
- Support for proxy servers, and authentication using basic, NTLM and digest types.
- Runs on both Linux and Windows.