Burp Suite User Forum

Create new post

Intruder question

Servio | Last updated: May 31, 2016 02:17AM UTC

Hi, I got some questions for Burp's intruder.. 1/ When performing a fuzzing attack, does burp wait for the actual response of a payload from the server before moving to the next payload? 2/ Can the fuzzing attack cause the server to run out of resources (regardless of the payloads used)?

PortSwigger Agent | Last updated: May 31, 2016 10:14AM UTC

1. This depends on your thread count. Each thread processes a single request at a time, waits for the response, and then moves onto the next payload. Multiple threads will do this in parallel. 2. Yes, this is always possible with any automated operation, and very much depends on the nature of the functionality that is being exercised.

Burp User | Last updated: May 31, 2016 05:08PM UTC

Interesting. So a gateway Timeout error would most likely be because the server ran out of resources rather than a particular vulnerability.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.