Intruder File Payload Generator
This extension provides a way to use file contents and filenames as Intruder payloads.
- Load the extension. A new tab called PayloadTab should appear.
- In the PayloadTab, choose the payload folder. The extension reads all files recursively and lists them.
- In the payloads tab of the Intruder tool:
- At Payload Sets -> Payload Type, select Extension-generated.
- At Payload Options, select File as Payload or Filename as
- If you just need to use the file contents as payload, select File as Payload.
- If you need both the content and filename then choose Pitchfork as the Attack type and use File as Payload for one Payload set and Filename as Payload for the other.
- At Payloads -> Payload Encoding, disable the "URL-encode these characters" option (specially for multipart POST requests).
Requires Java version 7.
|Last updated||02 September 2015|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.