Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Find and replace in intruder

Ricardo | Last updated: May 06, 2015 09:19PM UTC

It would be nice to have a find and replace within intruder, saving the tester from burp <-> notepad copy & paste kung foo. Sometimes the HTTP requests are so massive that makes impossible to set each entry point one by one.

Burp User | Last updated: May 06, 2015 09:28PM UTC

It would be nice the ability to have burp scanner to spawn a thread (if desired by the tester) for each intruder entry point or of course until the max threads is reached. In a request like the above POST /juice HTTP/1.1 <...headers...> content={"p1":$a$, "p2":$b$, "p3":$c$} the scanner currently goes on $a$ first and the move to $b$ and then move to $c$. Have one scanner thread per entry point would improve the scanning speed a lot.

PortSwigger Agent | Last updated: May 07, 2015 02:50PM UTC

1. Do you mean a match/replace function within the request template editor where you define payload positions? 2. You can define as many threads as you need in the Request engine section of the Intruder attack options. The requests will still be issued in the sequence they are generated based on your configuration, but they will be served by the configured thread pool.

Burp User | Last updated: May 11, 2015 12:31PM UTC

1) Yes 2) Thanks for your clarification.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.