Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Configure Cluster bomb

Marko | Last updated: Sep 07, 2017 05:03AM UTC

Let's say I use a cluster bomb attack with the repeater on this request (a quiz in which you can pass by checking the 3 corrects answers: &answer1=§0§&answer2=§0§&answer3=§0§&answer4=§0§&answer5=§0§&answer6=§0§&good_answers=3 For my payload type, I use a simple list with two string... 0( answer not chosen) and 1(answer choosen) This give me a total of 64 possible requests. I'd like to bring down this to 2^3 because I know that passing the quizz means I have to choose 3 right answers, not 4, 5 or 6. Can this be specified in the repeater? This means that

PortSwigger Agent | Last updated: Sep 07, 2017 06:56AM UTC

Hi Marko, Thanks for your message. Can you clear the § markers on answers 4, 5 and 6? I think that will do what you need.

Burp User | Last updated: Sep 08, 2017 02:14AM UTC

You misunderstood. The quizz look like that: Q: Choose the 3 correct answers: [ ] - answer number 1 [ ] - answer number 2 [ ] - answer number 3 [ ] - answer number 4 [ ] - answer number 5 [ ] - answer number 6 To pass the question, you need to choose the correct answers, there are three. Choosing more than three answers is useless. This means that theses would be good attempts &answer1=1&answer2=1&answer3=1&answer4=0&answer5=0&answer6=0&good_answers=3 (three answers choose) OR &answer1=0&answer2=1&answer3=0&answer4=0&answer5=1&answer6=1&good_answers=3 (three answers chosen) but not &answer1=1&answer2=1&answer3=1&answer4=1&answer5=1&answer6=1&good_answers=3 (6/all answers chosen) OR &answer1=1&answer2=0&answer3=0&answer4=1&answer5=1&answer6=1&good_answers=3 (4 answers chosen) because in theses, there are more than 3 answers chosen. So basically, I want to specify to the intruder that I don't want more than three of the items (0 or 1) in the simple list in any request. 0 , 0 , 1 , 1 , 1, 0 good 1 , 0 , 1 , 0 , 1, 0 good 0 , 0 , 1 , 0 , 1, 0 bad

PortSwigger Agent | Last updated: Sep 08, 2017 08:22AM UTC

Hi Marko, Thanks for the explanation, I think I understand your use case now. This isn't possible with Cluster Bomb, although you can use some scripting and a Pitchfork attack to do the same. First, use this script to generate 6 sets of payloads (you may need to tweak this): bc. length = 6 files = [open('%d.txt' % (i+1), 'w') for i in range(length)] for item in range((length+2)**2): cur = [1 if item & 2**i else 0 for i in range(6)] if len([x for x in cur if x]) == 3: print(cur) for i in range(6): files[i].write("%d\n" % cur[i]) Then configure a Pitchfork attack, using one of the generated files for each of the payload sets.

Burp User | Last updated: Sep 08, 2017 11:11PM UTC

Thank you very much, seem this will do the trick.

Burp User | Last updated: Sep 08, 2017 11:50PM UTC