Burp Suite, the leading toolkit for web application security testing

Burp Intruder

Burp Intruder is a tool for automating customized attacks against web applications, to identify and exploit all kinds of security vulnerabilities. Burp Intruder is exceptionally powerful and configurable, and its potential is limited only by your skill and imagination in using it. You can use Intruder to:

  • Perform fuzzing of application requests to identify common vulnerabilities, such as SQL injection, cross-site scripting, and buffer overflows.
  • Enumerate identifiers used within the application, such as account numbers and usernames.
  • Deliver customized brute-force attacks against authentication schemes and session handling mechanisms.
  • Exploit bugs such as broken access controls and information leakage to harvest sensitive data from the application.
  • Perform highly customized discovery of application content in the face of unusual naming schemes or retrieval methods.
  • Carry out concurrency attacks against race conditions, and application-layer denial-of-service attacks.

A typical workflow using Burp Intruder is as follows:

For more detail of the kinds of attacks that can be performed using Intruder, see The Web Application Hacker's Handbook.

Copyright © 2014 PortSwigger Ltd. All rights reserved.