Burp Suite User Forum

Login to post

Credential Stuffing Intruder Payload

Matthew | Last updated: Dec 28, 2021 09:58PM UTC

Is there an easy way to go from a list with username:password combinations with a specific separator (i.e. colon) to do credential stuffing. I found in order to do this I could make two individual files (one with usernames and other with passwords) and then use Sniper attack type with loading two files. cat creds.txt | cut -d ':' -f 1 > burp-custom-users.txt cat creds.txt | cut -d ':' -f 2 > burp-custom-passwords.txt I ran into this during Portswigger Academy Thanks!

Hannah, PortSwigger Agent | Last updated: Jan 05, 2022 12:14PM UTC

Hi There doesn't appear to be this option available in Intruder. You could try writing an extension that can generate multiple payload lists from one file using a separator. Further information on writing extensions can be found here: https://portswigger.net/burp/extender

You need to Log in to post a reply. Or register here, for free.