Intruder resource pool

  • Last updated: May 17, 2022

  • Read time: 2 Minutes

A resource pool is a grouping of tasks that share a quota of resources. Each resource pool can be configured with its own throttling settings, which control the number of requests that can be made concurrently, or the frequency at which requests can be made, or both.

If you add a time delay between requests, then there are a number of options to choose from:

  • Fixed delay.
  • Delay with random variations.
  • Increase delay in increments. This option is particularly useful in determining the time taken for a session to expire if no requests are sent.

Both Intruder and Burp Scanner make use of resource pools.

Each task is assigned to a resource pool when it is created, and tasks can be moved between resource pools at any time.

Using resource pools is particularly useful if you are testing different applications that tolerate automated requests at different rates. They are also useful to prioritize different areas of your testing. For example, you might create one task performing a full crawl and audit of an application, and let this run in the background with a small number of concurrent requests; you might create another task for an Intruder attack, and let this run with a larger number of concurrent requests to give it priority.

You cannot create a new resource pool from an attack that is in progress or has finished. If you have started an attack and want to create a new resource pool, go to the Dashboard and click on the cog settings icon to create the pool.