The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Turbo Intruder with Session Handling Rules

404 | Last updated: Nov 04, 2022 11:44AM UTC

Hello to all, I'm trying to learn turbo intruder. I created session handling rules for 2FA lab to get CSRF tokens like: get /login post /login post /login2 every time I use repeater or intruder my session handling rules are working but if I try to use turbo intruder handling rules are bypassed and every request's csrf token is same with first request. I tried to use engine=Engine.BURP but that still didn't work. Here is my code, please help me. ----------------------------CODE------------------------------- def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, concurrentConnections=1, engine=Engine.BURP ) for word in range(0,9999): mfacode = '{0:04}'.format(word) engine.queue(target.req,mfacode.rstrip()) def handleResponse(req, interesting): # currently available attributes are req.status, req.wordcount, req.length and req.response if req.status != 404: table.add(req)

Ben, PortSwigger Agent | Last updated: Nov 04, 2022 01:49PM UTC