Burp Suite User Forum

Login to post

Recursive Grep results are not used in the following request

Matthias | Last updated: Jan 07, 2021 08:21PM UTC

Hi, I'm making my first steps with Burp and try using intruder for finding the password of an phpmyadmin interface. For that I use a pitchfork attack with a recursive grep to find the session_id and the token. Unfortunately this is not working reliably. Sometimes it works as expected, but most of the time the first request with a password payload is not including the greped values. Sometimes the whole run is executed without the greped values (see the linked images). https://imgur.com/a/580LPE2 What could be the source? Misconfiguration or bug? I tested it with Burp community v2020.12.1 and 2.1.07 in Kali. Thanks a lot!

Michelle, PortSwigger Agent | Last updated: Jan 08, 2021 01:30PM UTC

Thanks for getting in touch. Could you share some screenshots of the Intruder attack configuration so we can take a closer look, please? If you can email them to support@portswigger.net, that would be great.

You need to Log in to post a reply. Or register here, for free.