Configuring a Burp Intruder attack

  • Last updated: August 25, 2022

  • Read time: 4 Minutes

The main Intruder UI lets you configure multiple attacks simultaneously, each in its own tab. When you send requests to Intruder, each one is opened in its own numbered tab. Each attack configuration tab contains several sub-tabs that are used to configure the attack. Use the links below for help on the details of each tab:

  • Positions - This is used to configure details of the target server for attack and a request template, together with payload positions, and the attack type (this determines the way in which payloads are assigned to payload positions).
  • Payloads - This is used to configure one or more sets of payloads, which will be placed into payload positions during the attack.
  • Resource Pool - This is used to allocate Intruder resources. You can control settings including throttling.
  • Options - This is used to configure numerous other options affecting the attack.

The easiest way to create a new Intruder attack is to select the relevant base request within another Burp tool (such as the Proxy history or Target site map), and use the Send to Intruder option on the context menu.

Send to Intruder

This will create a new attack tab, and automatically populate the Positions tab with the relevant details about the base request. You can then modify the automatic payload positions if required, and configure suitable payloads and other attack options.

You can see that Burp has automatically made a guess at where you would like to position payloads. By default, payloads are placed into the values of all request parameters and cookies. Each pair of payload markers defines a single payload position, and may enclose some text from the base request, which will be replaced with the contents of the payload when that payload position is used. For further details, see the payload positions help.

Add payload positions

The buttons next to the request editor can be used to Add and Clear the payload markers. Try adding payload markers in new locations within the request, and removing other markers, and see the effects. When you have understood how the payload markers work, click the Auto ยง button to revert to the default payload positions that Burp configured for you.

Intruder buttons

Next, go to the Payloads tab. This lets you define the payloads that will be placed into the defined payload positions. Keep the default setting (to use a Simple list of payloads), and add some test strings to the list. You can enter your own strings by typing into the Enter a new item box and clicking Add.

In Burp Suite Professional, you can use the Add from list drop-down and choose Fuzzing - quick from the list of built-in payload strings.

Payload options

Burp Intruder has a number of functions to help you manage attack configurations. These functions are available via the Intruder menu.

Intruder menu

You can save the attack configuration for the current tab, and reload it later. When loading or saving, you can optionally include or exclude the payload positions settings.

Including the payload positions settings lets you save the full configuration for a specific attack. Excluding the payload positions settings lets you save a generic attack configuration that can be reused for another base request template and payload positions - for example, your preferred configuration for fuzzing a particular type of request.

Save attack configuration

You can copy attack configurations between two existing tabs, or into a new tab. Again, you can optionally include or exclude the payload positions settings.

Copy attack configuration

You can control how Intruder handles attack configurations when you open a new attack tab. You can choose to use the default attack configuration, or to copy the configuration from the first or last open tab.

Using the latter options lets you create a generic attack configuration (e.g. for fuzzing), and automatically apply this to each new request that you send to Intruder.

New tab behavior

Managing attack tabs

You can manage attack tabs using the controls on the tab bar.

Creating a request from scratch

To open a new tab, click the + icon.

Renaming tabs

To rename a tab, double-click the tab header and enter a new name for the tab. Alternatively, right-click the tab and select Rename tab.

Switching tab view

To make it easier to work with a large number of tabs, Burp Intruder provides two different tab views. You can choose whether tabs are displayed in a single, scrollable row or whether they wrap onto multiple rows so that they're all displayed on screen at once.

If the row of tabs extends off the edge of the screen in scrollable view, then an overflow menu icon is displayed. Click this icon to view a drop-down list of all open tabs. You can also use the search bar to locate a specific tab.

To change the tab view, right-click a tab or click the options menu and select Tab view options.

Closing tabs

You can close tabs in multiple ways:

  • To close a single tab, click its x button. You can also right-click the tab and select Close tab.
  • To close all tabs other than the selected tab, right-click the tab and select Close other tabs.
  • To close all tabs to one side of the selected tab, right click the tab and select Close tabs to the left or Close tabs to the right.
  • To close all open tabs, click the options menu and select Close all tabs.

To reopen the last tab you closed, right click any tab and select Reopen closed tab.

Launching an attack

When your attack is fully configured, you can launch the attack by selecting Start attack from the Intruder menu, or by clicking the Start attack.

Each attack runs in a new window, containing detailed results, with full requests and responses (if configured). There are various functions to help you analyze the results, and identify interesting items for further investigation.

Was this article helpful?