Burp Suite User Forum

Login to post

Target Site in the Intruder

Nadav | Last updated: Aug 12, 2020 08:28AM UTC

Hi, Is it possible to add the option to change the target site in the intruder, to be able to set a payload set for it as well?

Hannah, PortSwigger Agent | Last updated: Aug 13, 2020 07:20AM UTC

Once an attack has been started, you cannot change the Attack Target. Could you provide some more details on why you would want this functionality?

Nadav | Last updated: Aug 13, 2020 07:57AM UTC

There are many times that I need to test the same endpoints/parameters for many domains/subdomains. Today, to solve this problem, I'm writting a Python code, but if I want to use Burp's power, I'll have to write them myself in the Python, for example to use threads, I'll have to write it myself instead of using Burp's. This problem is repeated for me, and I'm sure for many more, both in bug bounty programs (for example - I want to test all the scope with the same parameters) and in my job.

Hannah, PortSwigger Agent | Last updated: Aug 14, 2020 08:14AM UTC

When you say you're writing in Python code - are you currently using Turbo Intruder to provide this functionality?

Nadav | Last updated: Aug 16, 2020 07:58AM UTC

No, I mean I'm opening new Python file and literally write it myself.

Hannah, PortSwigger Agent | Last updated: Aug 17, 2020 02:37PM UTC

Have you tried using Turbo Intruder for this functionality at all? It allows you to have greater control over your attack as you can configure it using Python. You can find it available on the BApp Store.

Nadav | Last updated: Aug 18, 2020 06:53AM UTC

I am familiar with Turbo Intruder, but as much as I know, I has only one injecting point, while I need at least 2 if using Turbo Intruder (Host heade + at least one parameter) or at least 3 if using Burp's internal Intruder (targeting domain, Host header and at least one parameter). Thus, as much as I know Turbo Intruder, it doesn't help me so much.

Hannah, PortSwigger Agent | Last updated: Aug 19, 2020 10:24AM UTC

Hi. I have created the feature request for you. However, due to a large backlog of feature requests, I am unable to provide an ETA for when this functionality will be implemented.

You need to Log in to post a reply. Or register here, for free.