Support
Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Burp Suite Professional and Community editions Burp Suite Enterprise Edition
Burp Scanner Burp Collaborator
Burp Infiltrator Full Documentation Contents
Extensibility
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
  1. Support Center
  2. Documentation
  3. Desktop editions
  4. Tools
  5. Intruder
  6. Positions

Payload positions

This tab is used to configure the request template for the attack, together with payload markers, and the attack type (which determines the way in which payloads are assigned to payload positions).

Request template

The main request editor is used to define the request template from which all attack requests will be derived. For each attack request, Burp takes the request template, and places one or more payloads into the positions defined by the payload markers.

The easiest way to set up the request template is to select the request you want to attack anywhere within Burp, and choose the "Send to Intruder" option on the context menu. This will send the selected request to a new tab in Intruder, and will automatically populate the Target and Positions tabs.

Payload markers

Payload markers are placed using the § character, and function as follows:

To make the configuration easier, Intruder automatically highlights each pair of payload markers and any enclosed text between them.

You can place payload markers manually or automatically. When you send a request to Intruder from elsewhere within Burp, Intruder makes a guess at where you are likely to want to place payloads, and sets payload markers accordingly. You can modify the default payload markers using the buttons next to the request template editor:

Note: You can also use Intruder's payload positions UI to configure custom insertion points for scans by Burp Scanner. To do this, configure the request template and payload markers in the usual way within Intruder, and then select "Audit defined insertion points" from the Intruder menu.

Attack type

Burp Intruder supports various attack types - these determine the way in which payloads are assigned to payload positions. The attack type can be selected using the drop-down above the request template editor. The following attack types are available:

back-to-top