Burp Suite User Forum

Login to post

Feature request regarding Burp's "Turbo Intruder" extension.

Zarkones | Last updated: Aug 20, 2020 12:45PM UTC

Naturally "Turbo Intruder" feels like native feature of Burp proxy. And I've found it strange that we can not specify multiple injection points within a single request. (using "%s" symbol) Kind regards, your fellow researcher.

Michelle, PortSwigger Agent | Last updated: Aug 21, 2020 10:59AM UTC

It is possible to specify multiple injection points, there's an example for using multiple parameters you might want to take a look at: https://github.com/PortSwigger/turbo-intruder/blob/master/resources/examples/multipleParameters.py

Zarkones | Last updated: Aug 21, 2020 02:01PM UTC

Hmm, not quite what I was hoping for, while testing I've a need to inject the same payload into multiple points within the same request, by specifying '%s' multiple times.

Michelle, PortSwigger Agent | Last updated: Aug 25, 2020 02:15PM UTC

Can you explain the use case in a bit more detail, please? Once you have %s defined multiple times in the request how do you then see the payloads being assigned?

You need to Log in to post a reply. Or register here, for free.