Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Non-GUI configuration of predefined payload lists in Intruder

Nicolas | Last updated: Jun 27, 2017 10:09AM UTC

Hello, default Intruder payloads can be modified through the GUI via the "Intruder -> Configure predefined payload lists" menu. However, I'd like to set this option when starting Burp Suite, using a JSON file like for hotkeys, proxy config, ... Is that possible? Additional Q: where is this value persisted? Thanks in advance, Nicolas

PortSwigger Agent | Last updated: Jun 27, 2017 10:13AM UTC

I don't think this is possible through a public Burp API. The setting is stored in Java preferences. Here is a Jython snippet to read it: >>> from java.util.prefs import Preferences >>> Preferences.userRoot().node('burp').get('intruder.payloadsdir', None) u'/Users/paul/qwerty' Please let us know if you need any further assistance.

Burp User | Last updated: Jun 28, 2017 02:26PM UTC

Thanks for your prompt response (and the Jython code)! I just discovered a third place where settings are stored, in addition to the well documented project and user options. Another point: when the payloads directory is modified, files stored in the directory may (or not) be listed alphabetically. Test with Burp Pro v1.7.23: - Linux JAR file (Oracle v1.8.0_131) => random order - Linux installer (Oracle v1.8.0_112) => random order - Windows x64 installer (Oracle v1.8.0_112) => files are sorted As you can imagine, looking for a specific filename is a un-ordered list of dozens of items is more than boring. Thanks in advance, Nicolas

Burp User | Last updated: Jun 28, 2017 02:28PM UTC

And, of course, I'd like to be able to set the 'intruder.payloadsdir' option using JSON project/user files. Nicolas

PortSwigger Agent | Last updated: Jun 28, 2017 02:34PM UTC

Hi Nicolas, Ok, we will see about sorting that list. In the meantime, here is a bash one liner that may help you: ls | sort | while read a; do cp $a ../sorted/$a; done It relies on Linux typically listing directories in the order files were created. We have a long-term plan for a refactor of the extension API. We'll aim to make all configuration accessible, including payloadsdir.

PortSwigger Agent | Last updated: Jun 29, 2017 10:16AM UTC

Hi Nicolas, Thanks for following up. Turns out Mac and Windows sort for us but Linux doesn't. I've bumped this issue into our current focus; with any luck it will be in the next release.

Burp User | Last updated: Jun 29, 2017 11:35AM UTC

> we will see about sorting that list Thanks! > bash one liner that may help you That doesn't work here... Here's a directory containing 3 files. "A" is the oldest, "C" the newest: $> ls -ltr --full-time -rw------- 1 nico nico 0 2017-06-29 13:23:36.264309971 +0200 A -rw------- 1 nico nico 0 2017-06-29 13:23:40.048332693 +0200 B -rw------- 1 nico nico 0 2017-06-29 13:23:43.168351427 +0200 C When used teh directory as payloadsdir, I get an un-ordered list, like "BAC". So neither alphabetical nor chronological sorting are applied. Regards, Nicolas

Burp User | Last updated: Jun 30, 2017 02:22PM UTC

Thanks, looking forward!

PortSwigger Agent | Last updated: Jun 30, 2017 02:35PM UTC

Just to let you know we've fixed this issue in today's release (1.7.27). Thanks again for your feedback and please let us know if you run into any other problems.

Burp User | Last updated: Jul 18, 2017 08:40PM UTC

Not fixed in v1.7.24... Maybe the next one.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.