ProfessionalCommunity Edition

Burp Intruder payload positions

  • Last updated: October 29, 2024

  • Read time: 2 Minutes

When you send a request to Burp Intruder, a new tab is created containing the request and target details. You can set payload positions anywhere in these fields. These positions determine where Burp Intruder will insert payloads during the attack.

Note

By default, Update Host header to match target is selected. This means that if the target is modified during the attack, the Host header in the base request is automatically updated to match the new target. You can deselect this to amend the target only. This enables you to send an arbitrary Host header to a fixed target, for example to craft an HTTP host header attack.

Each payload position is enclosed by a pair of payload markers §, and highlighted for ease of identification.

To automatically set a single payload position when you send a request to Burp Intruder, highlight the position value in a message editor anywhere in Burp, then right-click the message and select Send to Intruder.

In Intruder, you can set and modify payload positions in the following ways:

  • Insert a single payload marker - click Add §.
  • Insert a pair of markers - select any text and click Add §. This inserts markers on either side of the selected text.
  • Remove all payload markers - click Clear §.

    • If you have selected some text, markers are removed from within the selected area only.
  • Apply automatic payload markers - click Auto §. Burp inserts automatic payload positions. You can configure whether these replace or append to the base parameter value in the Settings dialog.

    • If you have selected some text, automatic markers are placed within the selected area only. For example, if a multipart parameter value contains data in XML or JSON format, you can highlight the formatted data and click Auto § to position payloads within it.

During the attack, both the payload markers and any enclosed text are replaced with the payload. If the payload position does not have an assigned payload, the enclosed text is unchanged but the markers are removed.

Note

You can also use Intruder's payload positions as insertion points for Burp Scanner. Configure your payload positions, then click on the top-level Intruder menu and select Scan defined insertion points.

For more information on Burp Scanner insertion points, see Auditing.

Was this article helpful?