Repeater Strike

Repeater Strike is an AI-powered tool that helps uncover IDOR and other vulnerabilities by analyzing your Repeater requests. It automatically generates targeted regular expressions based on the requests and responses you're testing. Once a vulnerability is detected, these regexes are applied to your proxy history to rapidly identify similar issues across your entire traffic, helping you scale your findings and save time.

Features

• Burp AI powered vulnerability detection
• Automatic generation and application of regular expressions based on testing requests and responses
• Quick identification of similar issues across the entire traffic for scaling findings

Usage

To use Repeater Strike, begin by identifying the target you wish to test. Follow the steps below:

1. In Repeater, make a request to the host, then "Right-click → Extensions → Repeater Strike → Send to Repeater Strike".
2. In the "Repeater Strike" tab, open the "Word list" sub-tab and click "Populate with default word list".
3. Switch to the "Requests/Responses queue" sub-tab and click "Generate Strike Rule".
4. Choose "Using AI Regex"; if successful, save the Strike Rule, and it will scan the proxy history.
5. Edit saved Strike Rules in the "Saved Strike Rules" tab and scan proxy history anytime using the "Run Strike rule on proxy history" button.

Further configuration of Repeater Strike is available in "Settings → Extensions → Repeater Strike". Here, you can set proxy data scan limits, request/response/image caps, and enable automatic Strike Rules and proxy history scanning when sending Repeater requests.

Copyright © 2025 PortSwigger Ltd.