Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Target Site in the Intruder

Nadav | Last updated: Aug 12, 2020 08:28AM UTC

Hi, Is it possible to add the option to change the target site in the intruder, to be able to set a payload set for it as well?

Hannah, PortSwigger Agent | Last updated: Aug 13, 2020 07:20AM UTC

Once an attack has been started, you cannot change the Attack Target. Could you provide some more details on why you would want this functionality?

Nadav | Last updated: Aug 13, 2020 07:57AM UTC

There are many times that I need to test the same endpoints/parameters for many domains/subdomains. Today, to solve this problem, I'm writting a Python code, but if I want to use Burp's power, I'll have to write them myself in the Python, for example to use threads, I'll have to write it myself instead of using Burp's. This problem is repeated for me, and I'm sure for many more, both in bug bounty programs (for example - I want to test all the scope with the same parameters) and in my job.

Hannah, PortSwigger Agent | Last updated: Aug 14, 2020 08:14AM UTC

When you say you're writing in Python code - are you currently using Turbo Intruder to provide this functionality?

Nadav | Last updated: Aug 16, 2020 07:58AM UTC

No, I mean I'm opening new Python file and literally write it myself.

Hannah, PortSwigger Agent | Last updated: Aug 17, 2020 02:37PM UTC

Have you tried using Turbo Intruder for this functionality at all? It allows you to have greater control over your attack as you can configure it using Python. You can find it available on the BApp Store.

Nadav | Last updated: Aug 18, 2020 06:53AM UTC

I am familiar with Turbo Intruder, but as much as I know, I has only one injecting point, while I need at least 2 if using Turbo Intruder (Host heade + at least one parameter) or at least 3 if using Burp's internal Intruder (targeting domain, Host header and at least one parameter). Thus, as much as I know Turbo Intruder, it doesn't help me so much.

Hannah, PortSwigger Agent | Last updated: Aug 19, 2020 10:24AM UTC