Get involved in the Burp challenge for opportunities to test your skills and win swag  –   Challenge me

PROFESSIONAL

Intruder resource pool

  • Last updated: November 25, 2022

  • Read time: 2 Minutes

A resource pool is a grouping of tasks that share a quota of resources. Each resource pool can be configured with its own throttling settings, which control the number of requests that can be made concurrently, or the frequency at which requests can be made, or both. Both Burp Scanner and Burp Intruder make use of resource pools.

If you add a time delay between requests, then there are a number of options to choose from:

  • Fixed delay.
  • Delay with random variations.
  • Increase delay in increments. This option is particularly useful in determining the time taken for a session to expire if no requests are sent.
  • Automatic backoff. By default, Burp incrementally adds a short delay between requests until it complies with the server's rate limit. This enables the attack to continue as normal, but increases the overall duration. If you prefer, you can disable this behavior by deselecting Automatic backoff.

Each task is assigned to a resource pool when it is created, and tasks can be moved between resource pools at any time.

Using resource pools is particularly useful if you are testing different applications that tolerate automated requests at different rates. They are also useful to prioritize different areas of your testing. For example, you might create one task performing a full crawl and audit of an application, and let this run in the background with a small number of concurrent requests; you might create another task for an Intruder attack, and let this run with a larger number of concurrent requests to give it priority.

You cannot create a new resource pool from an attack that is in progress or has finished. If you have started an attack and want to create a new resource pool, go to the Dashboard and click on the cog settings icon to create the pool.

Was this article helpful?