Burp intruder


Burp intruder is a tool to facilitate automated attacks against web-enabled applications. It is not a point-and-click tool: using Burp intruder effectively requires detailed knowledge of the target application and an understanding of the HTTP protocol.

Burp intruder is highly configurable and can be used to automate a wide range of attacks against applications, including testing for common web application vulnerabilities such as SQL injection, cross-site scripting, buffer overflows and directory traversal; brute force attacks against authentication schemes; enumeration; parameter manipulation; trawling for hidden content and functionality; session token sequencing and session hijacking; data mining; concurrency attacks; and application-layer denial-of-service attacks.

Key features include:

  • Highly configurable algorithms for generating malicious HTTP requests.
  • Large number of built-in attack “payloads”.
  • Tools for generating customised attack vectors, based on character sequences, substitution, malformed encoding, brute forcing, enumerated tokens, etc.
  • Full integration with other Burp Suite tools.
  • Customisable tests for anomalous or interesting server responses.
  • Detailed capture of results.
  • Ability to follow 3xx redirects during an attack.
  • IDS evasion and DoS mode.
  • Support for proxy servers, and authentication using basic, NTLM and digest types.
  • Runs on both Linux and Windows.

Ref: http://portswigger.net/intruder/
