Buy a Burp Suite Certified Practitioner exam, pass before 15 Dec, and we'll refund your $99.  –   Find out more

PROFESSIONAL

Payloads

  • Last updated: December 1, 2021

  • Read time: 1 Minute

This tab is used to configure one or more payload sets. The number of payload sets depends on the attack type defined in the Positions tab. For many common tasks, such as fuzzing parameters, brute force guessing a user's password, or cycling through page identifiers, only a single payload set is needed.

The configuration steps needed to configure a payload set are as follows:

  • Select the payload set that you wish to configure from the drop-down list.
  • Select the payload type to use from the drop-down list. A large number of payload types are available, and these are highly configurable, allowing you to quickly automate the generation of payloads for virtually any situation.
  • Configure the payload options for the selected payload type.
  • Configure any further required payload processing, including payload processingrules to manipulate the generated payloads in various ways, and payload encoding to ensure that the correct characters are URL-encoded for safe transmission over HTTP.