ProfessionalCommunity Edition

Burp Intruder resource pools

• Last updated: March 1, 2024

• Read time: 2 Minutes

A resource pool is a group of tasks that share a quota of resources. Resource pools make it easier for you to:

• Manage and prioritize the usage of system resources, particularly across multiple attacks.
• Test applications that tolerate automated requests at different rates.

Creating resource pools

New tasks are assigned to a default resource pool. You can create a custom pool at any point before you start the attack. To create a resource pool:

1. Go to Intruder > Resource pool.
2. Select Create new resource pool.
3. Enter a name for the pool and configure the pool settings.
4. The pool is created when you start the attack.

If you want to create a new pool after the attack has started, you need to do so in a different task or in the Settings dialog under Project > Tasks.

Resource pool settings

Each resource pool can be configured with its own throttling settings:

• Maximum concurrent requests - Limit the number of requests that the attack sends simultaneously. This is useful so you don't overload the target server or exceed the configured rate limit.

• Delay between requests - This is in milliseconds. You can choose from three delay types:

  • Fixed.
  • With random variations.
  • Increase delay in increments - This enables you to determine the time taken for a session to expire if no requests are sent.
• Automatic throttling - Automatically add a short delay between requests when the server responds with one of the specified codes. You can enable and configure this setting in the default resource pool.

Moving tasks between resource pools

To move a task before you start an attack, go to Intruder > Resource pool, and select the pool.

To move a task during an attack, select the pool from the Resource pool tab in the attack window. This enables you to manage the use of system resources in real time.