Burp Suite User Forum

Add time counter between Intruder requests (initiate an Intruder request every x seconds/minutes)

Zac | Last updated: Jan 16, 2019 08:04AM UTC

Hello there, I would like to request a new feature be added to Intruder. I have come across web applications that use the time between requests to control against brute force attempts. As an example, if a user account has an incorrect username or password login twice within 2 minutes then an error message is displayed and the user is "temporarily suspended". After two minutes you can attempt to log in again with the account being enabled. I have wrote a simple bash script that loops a curl command inputting different values in specific POST parameters. It would be great to have the ability in Intruder to specify a delay in seconds/minutes/hours between requests.

PortSwigger Agent | Last updated: Jan 16, 2019 10:18AM UTC

You can do this now. Look in Intruder > Options > Request Engine > Throttle

You need to Log in to post a reply. Or register here, for free.