Burp Suite User Forum

Burp - Intruder path traversal with list

John | Last updated: May 25, 2016 11:30AM UTC

Hi, I am using Burp Suite Professional v1.7.02beta, and I was wondering if it is possible to do a path traversal with the Intruder, especially with a list? In fact, I want to use the Payload Processing with a wordlist, to work with the path traversal option. Regards, John.

PortSwigger Agent | Last updated: May 26, 2016 08:52AM UTC

There isn't a built-in payload list of path traversal test strings. Often, the illegal unicode payload type is the most effective. Use a few simple payloads with different retrieval files, and then configure the illegal unicode generator to produce variations on the slash character. Documentation is here: https://portswigger.net/burp/help/intruder_payloads_types.html#illegalunicode
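For the server side of the reply above, a check that flags request paths in which a slash, backslash or dot is hidden in an overlong UTF-8 sequence. This is an added example, not part of the forum thread and not Burp's own code; it assumes the variations of interest are overlong UTF-8 encodings, and the function names and sample paths are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

# Smallest code point that legitimately needs a 2-, 3- or 4-byte UTF-8 sequence.
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000}
PATH_CHARS = {"/", "\\", "."}


def overlong_sequences(raw_path):
    """Return (offset, hex bytes, decoded char) for every overlong UTF-8
    sequence found in the percent-decoded path."""
    data = unquote_to_bytes(raw_path)
    hits, i = [], 0
    while i < len(data):
        lead = data[i]
        if lead >> 5 == 0b110:
            length, cp = 2, lead & 0x1F
        elif lead >> 4 == 0b1110:
            length, cp = 3, lead & 0x0F
        elif lead >> 3 == 0b11110:
            length, cp = 4, lead & 0x07
        else:
            i += 1  # ASCII byte or stray continuation byte
            continue
        tail = data[i + 1:i + length]
        if len(tail) != length - 1 or any(b >> 6 != 0b10 for b in tail):
            i += 1  # truncated or malformed sequence, not an overlong form
            continue
        for b in tail:
            cp = (cp << 6) | (b & 0x3F)
        if cp < MIN_CP[length]:  # encoded with more bytes than necessary
            hits.append((i, data[i:i + length].hex(), chr(cp)))
        i += length
    return hits


def hides_path_character(raw_path):
    """True when an overlong sequence decodes to a slash, backslash or dot."""
    return any(ch in PATH_CHARS for _, _, ch in overlong_sequences(raw_path))


# Constructed sample request paths, not taken from the forum thread.
SAMPLES = [
    "/static/css/site.css",
    "/static/caf%C3%A9.png",        # valid two-byte UTF-8, must not be flagged
    "/static/..%c0%afconfig",       # two-byte overlong form of "/"
    "/static/..%e0%80%afconfig",    # three-byte overlong form of "/"
]
```

A strict UTF-8 decoder rejects these sequences outright; the check matters where a filter matches on the raw or singly decoded path before a more lenient decoder sees it.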
