Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Get Burp's default intruder insertion points

Tyler | Last updated: Mar 01, 2023 11:41AM UTC

Hey, I am looking to build upon Burp's insertion points for intruder. Is there a way to get the default insertion points for a request? I thought it might be markers() but this returns an empty list for a multi-parameter request. Thank you for your help.

Hannah, PortSwigger Agent | Last updated: Mar 01, 2023 04:40PM UTC

Hi When you say "build on", are you looking to supply additional insertion points to requests? When sending a request to Intruder with the Montoya API, you can specify insertion point positions.

Tyler | Last updated: Mar 02, 2023 08:45AM UTC

Hi Hannah, Thanks for the reply. There is an edge case I'm working with where several parameters are part of an entire string in JSON. Instead of manually parsing the JSON and specifying insertion points, I'd ideally want to look out for this edge case and then add the extra insertion points into the default list. What I'd like to do with Montoya is retrieve the "default" list of insertion points, update it, then send it back to intruder with the new list. Thank you

Hannah, PortSwigger Agent | Last updated: Mar 03, 2023 05:10PM UTC

Hi It's not currently possible to retrieve the list of automatically detected insertion points. We've raised a feature request for this functionality. How much are you using the automatically detected insertion points? If there are only a few that you are regularly using, you could include these as part of your provided list of insertion points.

Tyler | Last updated: Mar 06, 2023 03:45PM UTC