Payload positions

This tab is used to configure the request template for the attack, together with payload markers, and the attack type (which determines the way in which payloads are assigned to payload positions).

Request template

The main request editor is used to define the request template from which all attack requests will be derived. For each attack request, Burp takes the request template, and places one or more payloads into the positions defined by the payload markers.

The easiest way to set up the request template is to select the request you want to attack anywhere within Burp, and choose the "Send to Intruder" option on the context menu. This will send the selected request to a new tab in Intruder, and will automatically populate the Target and Positions tabs.

Payload markers

Payload markers are placed using the § character, and function as follows:

To make the configuration easier, Intruder automatically highlights each pair of payload markers and any enclosed text between them.

You can place payload markers manually or automatically. When you send a request to Intruder from elsewhere within Burp, Intruder makes a guess at where you are likely to want to place payloads, and sets payload markers accordingly. You can modify the default payload markers using the buttons next to the request template editor:

Note: You can also use Intruder's payload positions UI to configure custom insertion points for scans by Burp Scanner. To do this, configure the request template and payload markers in the usual way within Intruder, and then select "Audit defined insertion points" from the Intruder menu.

Attack type

Burp Intruder supports various attack types - these determine the way in which payloads are assigned to payload positions. The attack type can be selected using the drop-down above the request template editor. The following attack types are available: