Burp Suite User Forum

Login to post

Add time counter between Intruder requests (initiate an Intruder request every x seconds/minutes)

Zac | Last updated: Jan 16, 2019 08:04AM UTC

Hello there, I would like to request a new feature be added to Intruder. I have come across web applications that use the time between requests to control against brute force attempts. As an example, if a user account has an incorrect username or password login twice within 2 minutes then an error message is displayed and the user is "temporarily suspended". After two minutes you can attempt to log in again with the account being enabled. I have wrote a simple bash script that loops a curl command inputting different values in specific POST parameters. It would be great to have the ability in Intruder to specify a delay in seconds/minutes/hours between requests.

PortSwigger Agent | Last updated: Jan 16, 2019 10:18AM UTC

You can do this now. Look in Intruder > Options > Request Engine > Throttle

ehlullah | Last updated: Jun 04, 2021 06:53AM UTC

hey, there is no Request Engine here.

Michelle, PortSwigger Agent | Last updated: Jun 04, 2021 08:45AM UTC

The Intruder Tool has been updated, you can now go to the Resource Pool tab to edit the number of concurrent requests and set a delay between requests: https://portswigger.net/burp/documentation/desktop/tools/intruder/intruder-resource-pool

You need to Log in to post a reply. Or register here, for free.