Intruder only works after repeater...sort of

John | Last updated: Dec 01, 2020 06:32PM UTC

Hi all, I'm 2 weeks into pen testing and Burp, so please forgive me if this sounds really simple. For some reason, the Intruder only works after I've run an instance in the Repeater. Steps I'm following are:

1. Launch browser (internal one)
2. Navigate to login
3. Enter valid user, dodgy password
4. Take that POST and move it to the Repeater.
5. In the Repeater, I change the password to the valid one and run - it works OK.
6. I then move it into the Repeater.

Different scenarios:

1. Run the Repeater, leave for 30 seconds, valid password in list fails.
2. Run the Repeater, run straight away (valid password at top of list, valid password 100 rows down). First attempt works, second one doesn't.
3. All rows with valid password: they all work and don't need to run through the Repeater.
4. Valid password on row number 100: they all fail. But eyeballing it, if I run the Repeater when it hits around 75 it works, as the session or whatever I assume is still valid.

Something is timing out and I'm not sure why. I'm not sure full stop. Any help would be greatly appreciated.

Here is a copy of my request. It uses CSRF. Thanks! I'll post a copy of the request in case that helps :)

POST /login?redirect_uri=https%3A%2F%2Fapp.qa.xxxxx.co.uk%2Flogin.html&response_type=code&client_id=2u0e4jnt0913gfbfbed7h9jr5c&state=&scope=openid%20email%20profile HTTP/1.1
Host: um-auth-qa.auth.eu-west-1.amazoncognito.com
Connection: close
Content-Length: 1042
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: https://um-auth-qa.auth.eu-west-1.amazoncognito.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://um-auth-qa.auth.eu-west-1.amazoncognito.com/login?redirect_uri=https%3A%2F%2Fapp.qa.ssssss.co.uk%2Flogin.html&response_type=code&client_id=2u0e4jnt0913gfbfbed7h9jr5c&state=&scope=openid%20email%20profile
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: XSRF-TOKEN=3a3a60b6-ae1f-4951-a6b3-9152dde95d58; csrf-state=""; csrf-state-legacy=""

_csrf=3a3a60b6-ae1f-4951-a6b3-9152dde95d58&username=john.sidney%40ddddddddd&password=jfjfjfjfjf&cognitoAsfData=[...]&signInSubmitButton=Sign+in
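One server-side check that would produce the behaviour John describes (a request that succeeds right after the Repeater run and fails once the captured token ages) is a double-submit CSRF token that the server also records with a short lifetime; the validator below is an added illustration, not Cognito's or Burp's code. The raw request, token value and 30-second lifetime are constructed for the example.

```python
from urllib.parse import parse_qs

# Constructed request, shaped like the login POST above (placeholder values).
TOKEN = "11111111-2222-3333-4444-555555555555"
RAW_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: auth.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Cookie: XSRF-TOKEN={TOKEN}; csrf-state=\"\"\r\n"
    "\r\n"
    f"_csrf={TOKEN}&username=user%40example.test"
    "&password=placeholder&signInSubmitButton=Sign+in"
)

TOKEN_TTL = 30  # seconds; hypothetical lifetime chosen for the illustration


def parse_request(raw):
    """Split a raw HTTP request into its cookies and url-encoded form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value.strip('"')
    form = {k: v[0] for k, v in parse_qs(body).items()}
    return cookies, form


def validate_login(raw, issued_tokens, now):
    """Double-submit check: the _csrf body field must equal the XSRF-TOKEN
    cookie, the token must be one the server issued, and it must be fresh.
    issued_tokens maps token -> issue time; now is the current time (seconds)."""
    cookies, form = parse_request(raw)
    cookie_token = cookies.get("XSRF-TOKEN")
    if not cookie_token or cookie_token != form.get("_csrf"):
        return "reject: cookie/body token mismatch"
    issued_at = issued_tokens.get(cookie_token)
    if issued_at is None:
        return "reject: unknown token"
    if now - issued_at > TOKEN_TTL:
        return "reject: token expired"   # replaying the same captured token later fails here
    return "accept"
```

Every Intruder payload reuses the one token captured in the request, so under a validator like this only the rows sent inside the token's lifetime can succeed, whatever password they carry.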

Liam, PortSwigger Agent | Last updated: Dec 02, 2020 09:21AM UTC

Thanks for your message. In the steps you have provided, at which point do you use Burp Intruder?

